Windows Mobile 6.0 and 6.1 Users Beware of Bluetooth Vulnerability
If you have an HTC smartphone powered by the Microsoft-developed operating system Windows Mobile 6.0 or Windows Mobile 6.1, you should be aware that your device may be hacked. A Bluetooth vulnerability affecting Windows Mobile 6.0 and 6.1-powered HTC smartphones could, if exploited by a person with malicious intent, allow that person access to any and all files stored on the device.
And as if having access to your precious data was not enough, it seems that the attacker could also upload malicious code via Bluetooth to your device. So the next time you want to connect to an untrusted device via Bluetooth, think twice about it.
The problem stems from the fact that the same vulnerable Bluetooth driver is used by HTC on many WinMo-powered devices: Touch Diamond, Touch Pro, Touch Cruise, Touch Find, S710 and S740 to name but a few. Any HTC device powered by the following operating systems is vulnerable:
Windows Mobile Professional
Windows Mobile 6 Standard
Windows Mobile 6.1 Professional
Windows Mobile 6.1 Standard
Additional details on this vulnerability are provided by Alberto Moreno Tablado, the one who brought the issue to light: “HTC devices running Windows Mobile 6 and Windows Mobile 6.1 are prone to a directory traversal vulnerability in the Bluetooth OBEX FTP Service. Exploiting this issue allows a remote authenticated attacker to list arbitrary directories, and write or read arbitrary files, via a ../ in a pathname. This can be leveraged for code execution by writing to a Startup folder. The only requirement [to exploit the vulnerability] is that the attacker must have authentication and authorization privileges over Bluetooth. Pairing up with the remote device should be enough to get it; however, more sophisticated attacks, such as sniffing the Bluetooth pairing, linkkey cracking and MAC address spoofing, can be used in order to avoid this. In case the attacker succeeded in getting the proper privileges, further actions will be transparent to the user.”
The only workaround provided for this vulnerability is not to accept pairing or connection requests from unknown sources.
In related news, Windows Mobile 6.0 and 6.1 users will be glad to find out that the Windows Marketplace for Mobile will work for them as well (details here).
Tags: HTC, Windows Mobile, Bluetooth



