Motorola Razr Vulnerability
In mobile news: TippingPoint has reported a JPEG Processing Stack Overflow Vulnerability affecting firmware based Motorola Razr phones. The vulnerability was discovered last summer. New Razr shipments will not be affected as Motorola has produced a fix for the issue.
The vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola Razr firmware based cell phones.
From TippingPoint:
A corrupt JPEG received via MMS can cause a memory corruption which can be leveraged to execute arbitrary code on the affected device.
So some user interaction is required — accepting the MMS. However, people by and large generally trust image files so that isn't a difficult social engineering challenge.
On a positive note, the Razr uses a proprietary OS and the "knowledge base" is limited to enthusiasts and modders. But there are modders are out there. Popular hardware always generates a crowd of recreational hackers, e.g. iPhone.
Perhaps we'll see this JPEG exploit used to simplify unlocking older Razrs. Jailbreaking the iPhone was simplified by a TIFF handling exploit after all.
We probably won't see any malware as a result of this vulnerability. Still, one interesting thing to consider is that if a Razr were to be exploited by this, the user wouldn't be able to undo the damage without a reinstall of the firmware. Being a closed OS, there is no hard reset available as there are with many smartphones.
Updates are available for older Razr models via Motorola.
[Source: f-secure]
Post a Comment