Hi,

My 2 pence on all of this.

Regarding breaking encyrption algorithms, there are alot easier ways of eavesdropping on a call. At the end of the day encryption to an entity must end somewhere for the transmitted data to any use, hence in our case it is de-crypted in the mobile handset.

On the issue of smart phones, one can implement a MIDP applet to listen to the speaker on the handset when it starts to transmit data, the applet then just collects the data and pushes this out somewhere when the user connects to the net via his handset. Some thing that springs to mind here is DRM (Digital Rights Management) will this ever work!! when data has to be de-crypted and played back somewhere!!

Redarding different platforms and the difficulty to propogate a virus, I think this is interesting. I think there is a common factor in all OS's provided vendors and that is a standard way to do a service and alomost all handset now have support for J2ME i.e. SMS is supported both on claosed and open OS's, newer services that you will see (in the future) PoC (Push to talk over cellular) is another service that will be supported by all OS's. My point being, potentially a J2ME applet can easily exploit new services on a handset by propogating it-self to all subscribers on a particular handsets phonebook. If you take a look at some MIDP API's there is a powerful infrastructure already in place to access sensitive areas of a mobile handset.

Bluetooth on the other hand is a different kettle of fish. It can be used to transmit AT commands to a phone, meaning anything and everything can be exploited on a mobile handset unless some propritary implementation prevents it. In-fact this can be done over Infra-red but obviously more restritive due the frequency range. The Bluetooth protocol it-self is fairly good security wise (to my knowledge) as they have just defined a new security pairing scheme and also working on taking on ciphering options over a bluetooth link. I thnk in the future we will be seeing something called PAN's (Pesonal Area Networks) which use bluetooth to connect to one another, this is where thigs may get a little complicated as definitions for Master objects and authorisation/authentication within the PAN will become an issue, perhaps the use of TCG (Trusted Computing Group) may come into use here.

Regards,