Windows Mobile 6.0 and 6.1 Users Beware of Bluetooth Vulnerability

Article by George Norman (Cybersecurity Editor)

on 16 Jul 2009

If you have an HTC smartphone running Microsoft's Windows Mobile 6.0 or Windows Mobile 6.1, you should know that your device may be hacked. A Bluetooth vulnerability affecting Windows Mobile 6.0 and 6.1-powered HTC smartphones could, if exploited by a person with malicious intent, give that person access to any and all files stored on the device.

And as if having access to your precious data was not enough, it seems that the attacker could also upload malicious code via Bluetooth to your device. So the next time you want to connect to an untrusted device via Bluetooth, think twice about it.

The problem stems from the fact that the same vulnerable Bluetooth driver is used by HTC on many WinMo-powered devices: Touch Diamond, Touch Pro, Touch Cruise, Touch Find, S710 and S740 to name but a few. Any HTC device powered by the following operating systems is vulnerable:
Windows Mobile Professional
Windows Mobile 6 Standard
Windows Mobile 6.1 Professional
Windows Mobile 6.1 Standard


Additional details on this vulnerability are provided by Alberto Moreno Tablado, the one who brought the issue to light: “HTC devices running Windows Mobile 6 and Windows Mobile 6.1 are prone to a directory traversal vulnerability in the Bluetooth OBEX FTP Service. Exploiting this issue allows a remote authenticated attacker to list arbitrary directories, and write or read arbitrary files, via a ../ in a pathname. This can be leveraged for code execution by writing to a Startup folder. The only requirement [to exploit the vulnerability] is that the attacker must have authentication and authorization privileges over Bluetooth. Pairing up with the remote device should be enough to get it; however, more sophisticated attacks, such as sniffing the Bluetooth pairing, linkkey cracking and MAC address spoofing, can be used in order to avoid this. In case the attacker succeeded in getting the proper privileges, further actions will be transparent to the user.”

The only workaround provided for this vulnerability is not to accept pairing or connection requests from unknown sources.
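On the service side, the directory traversal described in the advisory is closed by resolving every client-supplied name against the shared folder and refusing any name that climbs above it. The following is an added example, not code from the article, the advisory or HTC's driver; the function name `resolve_in_share`, the share root `\Share` and the sample names are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical helper, not HTC's driver code: map a client-supplied OBEX FTP
 * name onto a path under the shared folder `root` (no trailing separator).
 * Returns 0 and fills `out`, or -1 if the name leaves the share or is too long. */
int resolve_in_share(const char *root, const char *requested,
                     char *out, size_t outlen)
{
    size_t base = strlen(root);
    if (base + 1 > outlen)
        return -1;
    memcpy(out, root, base + 1);
    size_t len = base;
    const char *p = requested;
    while (*p) {
        /* Treat both separators alike so "..\" cannot slip past a "../" check. */
        size_t n = strcspn(p, "/\\");
        if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (len == base)
                return -1;              /* ".." would climb above the share */
            while (out[len - 1] != '\\')
                len--;                  /* drop the last component */
            out[--len] = '\0';          /* and the separator before it */
        } else if (n > 0 && !(n == 1 && p[0] == '.')) {
            if (len + n + 2 > outlen)
                return -1;              /* result would not fit in `out` */
            out[len++] = '\\';
            memcpy(out + len, p, n);
            len += n;
            out[len] = '\0';
        }
        p += n;
        if (*p) p++;                    /* skip the separator */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample names; "\\Share" is an assumed share root. */
    const char *names[] = { "photos/a.jpg", "photos/../notes.txt",
                            "../../other/file.txt", "a\\..\\..\\b" };
    char path[64];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int rc = resolve_in_share("\\Share", names[i], path, sizeof path);
        printf("%-24s -> %s\n", names[i], rc == 0 ? path : "REJECTED");
    }
    return 0;
}
```

The check is purely lexical, so it has to run on the fully decoded name that the service hands to the file system, and on every operation that takes a name (listing, read and write alike).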

In related news, Windows Mobile 6.0 and 6.1 users will be glad to find out that the Windows Marketplace for Mobile will work for them as well.

