• On The Insider: Britney's Bikini-Clad Top 10
May 27, 2008 5:24 PM PDT

Malicious image could open security hole in Razr

by Elinor Mills
  • Font size
  • Print
  • 15 comments

If you use a Motorola Razr cell phone, don't accept JPEGs from strangers.

A vulnerability has been discovered in the phones that could allow a hacker to send a corrupt JPEG image via Multimedia Messaging Service that could be leveraged to run malicious code on the phone. However, you would have to accept the image for download before that could happen.

The specific flaw exists in the JPEG thumbprint component of the EXIF parser, according to an advisory released by security firm TippingPoint's Zero Day Initiative on Tuesday.

"Although the possibility of this vulnerability occurring is very remote," Motorola has fixed the vulnerability in all new releases of the Razr and urges people with older devices to download the latest software from its Web site, the advisory said.

The vulnerability was reported to Motorola last June.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Security,

Cellular

Tags:

security,

Motorola,

Razr

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Nvidia puts NForce chipset development on hold
Opera 10 browser is here
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
Related
CNET News Daily Podcast: Why Verizon is key to the Droid's success
Can the Droid save Motorola?
Microsoft patches critical hole in Windows kernel
On Call: Hello, Moto
Apple updates Safari for security
Report: Motorola looks to sell set-top box biz
On Call: Does cell phone design still matter?
Time Warner home routers still open to attack, blogger says
Add a Comment (Log in or register) (15 Comments)
  • prev
  • 1
  • next
by The_Decider May 27, 2008 7:32 PM PDT
"If you use a Motorola Razr cell phone, don't accept JPEGs from strangers."

Worst advise ever!!! You should be immediately fired, not only for this asinine comment but the many you write every single week. Just because an image comes from a friend doesn't mean it is not malware. Now, if one knows for an absolute fact that said friend took the picture so it can't be compromised, then perhaps a person will feel safe opening it. Then again maybe the person you think it is coming from really isn't that person and instead is some evildoer. Best bet is to verify it is a legitimate image and has no executable code in it, NO MATTER WHERE THE IMAGE CAME FROM..

What are your qualifications for writing at an allegedly tech news site? You know how to turn on a computer and use word? Inexcusable ignorance.
Reply to this comment
by Vegaman_Dan May 28, 2008 8:21 AM PDT
It sounds like your understanding of the technology may be incomplete. The article is about a cell phone, not a computer. Unless you can give specific exact information on how to double check and verify that an image file contains no executable code in it from the phone itself, then you have no leg to stand on.

In other words...

SHUT UP, YOU ABSOLUTE WASTE OF SPACE.

Is it just me or is this guy is getting more and more annoyingly stupid every day?
by The_Decider May 28, 2008 1:03 PM PDT
Dan,

As usual you show your total ignorance. Cell phone? Computer? A razr is a computer dumb ass! Seriously, you have shown absolutely no computer knowledge and the statement made was ludicrious on its face and displays total ignorance.

How am I a waste of space when you don't understand computers even at a rudimentary level. That you would defend inorance is not suprising since you revel in your ignorance.

Are you really this stupid? You download the file to a computer and check it. Seriously, you couldn't figure that out? You are a waste of oxygen *******.
by The_Decider May 27, 2008 7:32 PM PDT
"If you use a Motorola Razr cell phone, don't accept JPEGs from strangers."

Worst advise ever!!! You should be immediately fired, not only for this asinine comment but the many you write every single week. Just because an image comes from a friend doesn't mean it is not malware. Now, if one knows for an absolute fact that said friend took the picture so it can't be compromised, then perhaps a person will feel safe opening it. Then again maybe the person you think it is coming from really isn't that person and instead is some evildoer. Best bet is to verify it is a legitimate image and has no executable code in it, NO MATTER WHERE THE IMAGE CAME FROM..

What are your qualifications for writing at an allegedly tech news site? You know how to turn on a computer and use word? Inexcusable ignorance.
Reply to this comment
by The_Decider May 27, 2008 7:32 PM PDT
"If you use a Motorola Razr cell phone, don't accept JPEGs from strangers."

Worst advise ever!!! You should be immediately fired, not only for this asinine comment but the many you write every single week. Just because an image comes from a friend doesn't mean it is not malware. Now, if one knows for an absolute fact that said friend took the picture so it can't be compromised, then perhaps a person will feel safe opening it. Then again maybe the person you think it is coming from really isn't that person and instead is some evildoer. Best bet is to verify it is a legitimate image and has no executable code in it, NO MATTER WHERE THE IMAGE CAME FROM..

What are your qualifications for writing at an allegedly tech news site? You know how to turn on a computer and use word? Inexcusable ignorance.
Reply to this comment
by The_Decider May 27, 2008 7:33 PM PDT
"If you use a Motorola Razr cell phone, don't accept JPEGs from strangers."

Worst advise ever!!! You should be immediately fired, not only for this asinine comment but the many you write every single week. Just because an image comes from a friend doesn't mean it is not malware. Now, if one knows for an absolute fact that said friend took the picture so it can't be compromised, then perhaps a person will feel safe opening it. Then again maybe the person you think it is coming from really isn't that person and instead is some evildoer. Best bet is to verify it is a legitimate image and has no executable code in it, NO MATTER WHERE THE IMAGE CAME FROM..

What are your qualifications for writing at an allegedly tech news site? You know how to turn on a computer and use word? Inexcusable ignorance.
Reply to this comment
by The_Decider May 27, 2008 7:35 PM PDT
Sorry for the 4 posts. All 4 times returned an error that apparently didn't exist. It seems that the writers at CNET are not alone in their incompetence.
Reply to this comment
by The_Decider May 27, 2008 7:36 PM PDT
LOL, two of them mysteriously vanished.
by Vegaman_Dan May 28, 2008 8:22 AM PDT
You are absoluetely correct, The_Decider. Incompetence is something you are very familiar with- people only need to look at your postings.
by The_Decider May 28, 2008 1:05 PM PDT
LOL you are funny Dan. You don't understand that cell phones today are computers and that you can download files from a phone to computer and you call me ignorant?

I guess in the world you live in where your opinions are fed to you from the MS marketing department that makes some sort of sense.
by kingx12 May 28, 2008 5:14 AM PDT
ok dude he said dont accept picture messages from strangers hence someone who is not in your contacts and your making a big deal out of this for what reason , plus just go download the software
Reply to this comment
by The_Decider May 28, 2008 1:06 PM PDT
I am making a big deal of this because the author stupidly implies that it is OK to open files from friends. This is the height of ignorance and a large reason why there are so many security issues.
by The_Decider May 28, 2008 1:14 PM PDT
Also, you do not seem to understand that a file from a friend is not necessarily safe. Just because the address that was used to send the file doesn't mean your friend sent it. You obviously don't know much about computers else you would know that it is easy to spoof email addresses, phone numbers, etc. You can never absolutely know that a file is safe or it came from the person you think it did. How hard is that to understand?

You, Vegetable Head, and Elinor are the reason why so much malware gets spread. Ignorance is the prime cause of getting infected. You three are exhibit A in the argument that people should not use any sort of networked computing devices without a license.
by kingx12 May 28, 2008 5:15 AM PDT
ok dude he said dont accept picture messages from strangers hence someone who is not in your contacts and your making a big deal out of this for what reason , plus just go download the software
Reply to this comment
by benjaminstraight July 24, 2008 3:36 PM PDT
Wow. Lucky I caught this.
Reply to this comment
(15 Comments)
  • prev
  • 1
  • next

A CNET Conversation with Eric Schmidt

CNET's Tom Krazit and Molly Wood sit down with Google CEO Eric Schmidt to discuss the future of Android, the Chrome OS, the problem of real-time search indexing, and more.

Verizon tests sending RIAA copyright notices

The No. 2 phone company, known for its reluctance to intervene in antipiracy cases, strikes an agreement to forward copyright notices on behalf of the music industry.

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET