Telecommunication giant Nokia has confirmed that its widely used Series 40 operating system has security vulnerabilities that could allow stealth installation and activation of applications.     

The flaws were disclosed by Polish security researcher Adam Gowdiak, as he pointed out the existence of flaws to Nokia and Sun shortly before going public with his findings, but demanded €20,000 from the companies to divulge those full details.

However, the company remained ambiguous on whether it paid up, citing ‘security reasons’.

Gowdiak, a researcher in Poland, said earlier this month he had found problems with Java 2 Micro Edition (J2ME), an application framework for mobile devices, as well as the Series 40 OS. Nokia claims Series 40 is the mostly widely used mobile device platform.

“Our testing has been concentrating on products that might have both of the claims present. We can confirm that both claims are valid in some of our products. Once we have completed testing and analysis of the alleged issues, we will communicate the next steps. We will also investigate potential measures to counter the risk of stealth installation,” Nokia said in a statement released last week.

Nokia further added saying that it isn''t aware of attacks against Series 40 devices, and the problems do not represent a “significant risk.”

While details on the vulnerabilities remained limited, Gowdiak has said an attack could be launched by sending maliciously crafted messages to a particular phone number.