Nokia has confirmed that its S40 OS has "security vulnerabilities that could allow stealth installation and activation of applications." The company did not mention which edition of the platform is flawed, or if all are.

The company apparently paid €20,000 (US$29,500) to researcher Adam Gowdiak of Security Explorations to research on the flaws, but didn't confirm the payment.

Gowdiak is a polish researcher that found the flaws on J2ME platform, which is widely used in Java phones, and he found flaws on the S40 OS itself, which is Nokia's most popular mobile phone platform. Gowdiak used to work for Sun Microsystems, which is where the Java programming language was invented. The researcher is now the CEO and founder of Security Explorations.

Nokia did confirm that the S40 OS is vulnerable to secret applications installation, and has found that previous versions of the platform are susceptible to control over restricted functions. Gowdiak has said that these controls could  be used to send maliciously crafted messages to a particular phone number.

[via PC World]