Windows Mobile 6.0 and 6.1 Users Beware of Bluetooth Vulnerability
Article by George Norman
On 16 Jul 2009
If you have an HTC smartphone powered by Microsoft's Windows Mobile 6.0 or Windows Mobile 6.1 operating system, you should be aware that your device may be hacked. A Bluetooth vulnerability affecting Windows Mobile 6.0 and 6.1-powered HTC smartphones could, if exploited by a person with malicious intent, give that person access to any and all files stored on the device.

And as if having access to your precious data were not enough, it seems that the attacker could also upload malicious code to your device via Bluetooth. So the next time you want to connect to an untrusted device via Bluetooth, think twice about it.

The problem stems from the fact that the same vulnerable Bluetooth driver is used by HTC on many WinMo-powered devices: Touch Diamond, Touch Pro, Touch Cruise, Touch Find, S710 and S740 to name but a few. Any HTC device powered by the following operating systems is vulnerable:
Windows Mobile Professional
Windows Mobile 6 Standard
Windows Mobile 6.1 Professional
Windows Mobile 6.1 Standard


Additional details on this vulnerability are provided by Alberto Moreno Tablado, the one who brought the issue to light: “HTC devices running Windows Mobile 6 and Windows Mobile 6.1 are prone to a directory traversal vulnerability in the Bluetooth OBEX FTP Service. Exploiting this issue allows a remote authenticated attacker to list arbitrary directories, and write or read arbitrary files, via a ../ in a pathname. This can be leveraged for code execution by writing to a Startup folder. The only requirement [to exploit the vulnerability] is that the attacker must have authentication and authorization privileges over Bluetooth. Pairing up with the remote device should be enough to get it; however, more sophisticated attacks, such as sniffing the Bluetooth pairing, linkkey cracking and MAC address spoofing, can be used in order to avoid this. In case the attacker succeeded in getting the proper privileges, further actions will be transparent to the user.”

The only workaround provided for this vulnerability is not to accept pairing or connection requests from unknown sources.
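
The traversal described in the advisory comes down to a file-sharing service trusting the pathname it is sent. As an added example (not code from HTC, Microsoft or the advisory), the following shows the kind of containment check such a service can apply to every requested name; SHARE_ROOT, TraversalError and the function names are hypothetical, and the sample path is constructed.

```python
# Added example: keep every requested name inside the shared folder.
# SHARE_ROOT, TraversalError and all function names are hypothetical.
SHARE_ROOT = "\\My Documents\\Bluetooth Share"  # constructed sample path


class TraversalError(ValueError):
    """The requested name would resolve outside the shared folder."""


def resolve_in_share(current_dir, name):
    """Resolve `name` against `current_dir` (components below SHARE_ROOT).

    Returns the resulting component list, or raises TraversalError.
    """
    if "\x00" in name:
        raise TraversalError("NUL byte in name")
    # Treat both separators alike so "..\" cannot slip past a "../" filter.
    parts = name.replace("/", "\\").split("\\")
    # A leading separator means "the share root", never the device root.
    stack = [] if name[:1] in ("/", "\\") else list(current_dir)
    for part in parts:
        if part in ("", "."):
            continue
        if part == "..":
            if not stack:
                raise TraversalError("climbs above the shared folder")
            stack.pop()
        elif part.rstrip(" .") == "":
            # Assumption: names like ".. " or "..." may be normalised by the
            # file system into "." or "..", so refuse them outright.
            raise TraversalError("ambiguous dot component")
        else:
            stack.append(part)
    return stack


def to_device_path(components):
    """Build the on-device path only from validated components."""
    return "\\".join([SHARE_ROOT] + components)


def audit(requests):
    """Return (name, verdict) pairs for a list of (current_dir, name)."""
    results = []
    for current_dir, name in requests:
        try:
            results.append((name, to_device_path(resolve_in_share(current_dir, name))))
        except TraversalError as exc:
            results.append((name, "REJECTED: " + str(exc)))
    return results
```

A ".." that stays inside the shared folder is resolved normally; only a name that would climb above it is refused, and the on-device path is always rebuilt from the validated components rather than from the raw string.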

In related news, Windows Mobile 6.0 and 6.1 users will be glad to find out that the Windows Marketplace for Mobile will work for them as well.



Tags: HTC, Windows Mobile, Bluetooth