May 30, 2008

Is your cell phone vulnerable?

Recently, it was disclosed that a malformed JPEG image could allow a remote attacker to execute arbitrary commands on a MOTOROLA RAZR phone firmware.

A corrupt JPEG received via MMS can cause a memory corruption which can be leveraged to execute arbitrary code on the affected device.

So some user interaction is required — accepting the MMS. However, people by and large generally trust image files so that isn't a difficult social engineering challenge.

Perhaps we'll see this JPEG exploit used to simplify unlocking older Razrs. Jailbreaking the iPhone was simplified by a TIFF handling exploit after all.

However, next time that cute chick you met on myspace sends you an "Picture"- Think twice about opening it.

4 comments:

Anonymous said...

Try to provide a link to where this actually happened.

Gillis57 said...

wanas-

There has been no reported cases of this happening as of yet. It was only publicly disclosed on May 27. It is unlikely to be widely used because of the propietary OS that the RAZR uses. However, if it is exploited, users have only the option of reinstalling the firmware, as there in no reset feature.

Anonymous said...

I don't think they should go as deep as to the OS level. It is the viewer that is buggy here, I think it is some sort of a segmentation fault.

If this only happens with the image viewer in the RAZR, then really those programmers must have been on drugs while writing it.

Gillis57 said...

well, when your coding for a expected age range of 13-20, you apparently have quite a bit of leeway as to your consumption of illegal narcotics. Perhaps even encouraged by the designers, that would explain a lot...