Motorola RAZR vulnerable to JPEG attack

By

Hackers could run malicious code on the RAZR device by sending a corrupt image by MMS, according to an advisory from TippingPoint

Motorola RAZR vulnerable to JPEG attack
Motorola's RAZR handset is vulnerable to downloading malware from a corrupted picture message, TippingPoint said on its vulnerability reporting service, Zero Day Initiative (ZDI).

Hackers are able to send a corrupt JPEG image to a RAZR which would run malicious code on the device if viewed, according to the ZDI advisory, released on Tuesday. Malicious code could force the device to make unwanted calls or send unwanted messages, for example.

The flaw exists in the JPEG thumbprint component of the EXIF parser. EXIF, or Exchangable Image File format, is a set of tags that can be embedded in image files, which might include the location where the image was taken or the camera used to take it.

When the user tries to view the image, a memory corruption is caused and malicious code can be run on the device.

Motorola was quoted on the advisory as saying: "Together, ZDI and Motorola have identified a potential vulnerability related to viewing malicious, manipulated JPEG files affecting select RAZR-series devices. Although the possibility of this vulnerability occurring is very remote and would only occur in unique circumstances, Motorola proactively corrected it in all new device releases."

The phone vendor urged RAZR users to download a firmware update from its website. Though the site insists users confirm that their device is under warranty, any users entering a date of purchase within the last 24 months are able to download the update.

Motorola has known about the vulnerability since July last year.

There are as yet few mobile viruses in existence - probably less than 400 - and many of these are proof of concept.

But many businesses are keeping a close watch on mobile exploits, particularly those which affect the major enterprise platforms.

Many of the anti-virus vendors now have a product which they claim will help to secure mobile devices against malware.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?