A Polish researcher has warned users of Nokia's Series-40 smartphones that the handsets are vulnerable to attack due to two critical vulnerabilities in Sun's Java technology.

Nokia has been notified of the problems in Java 2 Micro Edition by Adam Gowdiak, a security researcher who claims to have found a total of 14 security flaws in the Nokia phones.

However, rather than providing full details of the flaws to Sun and Nokia, Gowdiak is looking for a pay-off. So far, he's given the vendors limited information on the vulnerabilities - approximately one-to-two pages worth, according to Computerworld US - and he's asking for €20,000 to reveal the rest.

"There are six long months of work in this research," he told Computerworld. "It was an enormous amount of research."

Gowdiak says the flaws could be used by hackers to plant malicious Java apps on the Nokia smartphones, and those apps could then be used to make phone calls from the handsets, send text messages and recording audio or video.

"This can completely wipe out any security within J2ME," said Gowdiak. "It allows [attackers] to do anything malicious on any mobile device."