In association with heise online

28 May 2008, 10:04

Malicious code execution on Motorola RAZR mobiles

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Zero Day Initiative has discovered that manipulated JPG images can provoke a buffer overflow in Motorola's RAZR mobiles that reportedly allows malicious code to be executed. Users have to open the image themselves to trigger the exploit.

The images can be transmitted to the cell phone using Bluetooth or MMS. If the image is sent as an MMS, the gateway may transcode images to take account of the receiving cell phone's properties. The resolution might be reduced, or an image in PNG format might be converted to JPG. However, according to the report the flaw is in the phone's EXIF parser, which handles image metadata. These data generally pass through the gateway unchanged.

Motorola was informed of the flaw in July 2007 and has a fixed it in recent versions. The vendor has reportedly also produced an update for older versions, though the web site currently only presents an error message.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-735315
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit