Adrian Nowak and Karsten Sohr, research scientists at Bremen university, have discovered a vulnerability in Sony Ericsson phones which gives applications read and write access to the device’s system files. This could, for example, be exploited to replace the certificates confirming the origin of programs to be installed. While attackers could use it to install arbitrary software on the devices, users could also replace the logos and ring tones installed for "branding" purposes.
For the installation of malicious software, the user only needs to confirm that the software is allowed to read and write user data. According to the researchers this is standard practice with trusted applications and doesn’t, therefore, raise any suspicion. Many of the models sold between 2005 and 2007 are affected: for example K750i, K800i, K810i, T650i and W880i. These models don’t run the Symbian OS but a proprietary Sony Ericsson operating system.
Security hole in Sony Ericsson mobiles - heise Security