Is this capability related or similar to the the one that an operator (vodafone, etc.) can know automatically which phone model is your phone, which is your configuration for internet connection and maybe also other informations? All this is done now without user confirmation. What can be done remotely by default for Nokia phones without user confirmation?

Hmmm... This is something related to HTTP headers I guess. When you use the browser to connect to a page the device sends information in request headers possibly including device model (UserAgent). The request might also contain some additional headers added by (possible) WAP proxy server. So yes, the web/WAP server knows which phone model you have and which network connection you are using after you have made a request.

Or are you talking about something else?

Hartti

Maybe. But also by voice call. I remember a call to my operator's customer care. It answered a recorded voice but when I selected a particular menu by keypad, the recorded voice wait a few seconds and then told me "your model is Nokia N91.. we will send to you a message for Internet configuration.."
Then another time speaking with a real person of custemer care, She told me "Oh, yes I can see your Interenet configuration...". I don't know if those informations are recorded when you connect by browser and the collected to a db. But I think the power of operators goes sometimes inside what should be manufacturer's power( for example see the discussions about Java trusted third parties and the security permissions that depend also on the operator ). Strictly related to your post if the "roving bug" was real, it wouldn't be the first example of complex "backdoor" trap.
..sorry for my posts, I'm searching enlighting too.

What do you think?

Did you buy your phone from Vodafone? In that case they of course know what device you are using...
Also the customer care representative was probably referring to the original Internet settings on your phone, so that should not be a surprise that he/she knows them.

Related to the MIDP security domain policy. That is only a RECOMMENDATION so some operators/manufacturers can choose not to follow that document.

Hartti

No, I passed from another operator to Vodafone.

Regards

Your device's web/wap browser sends headers just like any other browser (Internet Explorer, Frefox...). And yes, sometimes it's possible to determine from these information the type of your device and capabilities (pictures, sounds it can handle). But this all is not so easy as it should be and we (as we in the business relying somehow on right recognition of the device) really like to have more accurate info.
Maybe it'll change "soon": http://www.w3.org/2005/MWI/DDWG/workshop2006/

But this is really nothing bad at all! If you buy some content like java game, you will be glad that your device has been resolved and you don't have to choose it from the list. Also when you call the operator you won't be hours on the line to try understand what he's saying, he'll just know and solve things...

What was mentioned in the article is really weird, I can't figure the possible way to make other device without touching it to send the data somewhere without my knowledge. Maybe send via bluetooth something what looks like something else and the victim accepts it (it's spyware actually).

Hi,
now it's available a software for converting a Nokia phone (only a limited number of devices ) into a spying device. As reported on Symbianone:

"-- A Hi-Tech software development specialising in development of software for Symbian enabled mobile phones has advanced the technology of intercepting mobile phone calls and text messages. Thespyphone Ltd is the only company to develop a Spy Phone Solution as 100% software based solution which customers can download and convert their phones into a Spy Device within seconds!

Currently one can only purchase physical handsets which have been modified to become spyphones. Several competitors are offering physical handsets, but this software is the first in the industry to present an option of converting an existing phone into a Spy Phone without any hardware tweaking http://www.thespyphone.com/spyphone.html.

The process of converting involves the installation of the spy software. The software controls the basic functions of the mobile phone such as incoming call handling, backlight, log engine and installation logs. This can be achieved with a normal installation procedure by the customer. Thespyphone Ltd states that no hardware tweaking of any kind has to be performed and that there are no special steps for customising the cell phone. The software is also invisible to the end user. No parts of the software can be traced to be installed on the phone or logs of incoming calls.

Thespyphone Ltd claims that this breakthrough in the spying technology would revolutionise the industry as there is huge demand for this product worldwide. Nevertheless, currently the technology is only able to cover a limited number of Nokia mobile phones and additional amounts of investments are required to progress this software to cover additional handsets. Development of spyphone software is slow as the supply of qualified Symbian developers is low as compared to the demand in Europe. Thespyphone Ltd is working to acquire resources and funding to develop the same software for other popular Symbian handsets."

Homepage at http://www.thespyphone.com/spyphone.html

If this is available for common people, I don't wonder if something else even more strong or with hidden installation is available for multi-billions budeget corporations or institutions. What do you think?

regards

Loads of information here:

http://www.cctvbiz.com
http://www.cbsaudiovisual.com