By George Norman - Software News Editor
Added on 16 Jul 2009
If you have an HTC smartphone running Microsoft's Windows Mobile 6.0 or Windows Mobile 6.1 operating system, you should be aware that your device may be hacked. A Bluetooth vulnerability affecting Windows Mobile 6.0 and 6.1-powered HTC smartphones could, if exploited by a person with malicious intent, give that person access to any and all files stored on the device.

And as if having access to your precious data was not enough, it seems that the attacker could also upload malicious code via Bluetooth to your device. So the next time you want to connect to an untrusted device via Bluetooth, think twice about it.


The problem stems from the fact that the same vulnerable Bluetooth driver is used by HTC on many WinMo-powered devices: Touch Diamond, Touch Pro, Touch Cruise, Touch Find, S710 and S740 to name but a few. Any HTC device powered by the following operating systems is vulnerable:
Windows Mobile Professional
Windows Mobile 6 Standard
Windows Mobile 6.1 Professional
Windows Mobile 6.1 Standard


Additional details on this vulnerability are provided by Alberto Moreno Tablado, the one who brought the issue to light: “HTC devices running Windows Mobile 6 and Windows Mobile 6.1 are prone to a directory traversal vulnerability in the Bluetooth OBEX FTP Service. Exploiting this issue allows a remote authenticated attacker to list arbitrary directories, and write or read arbitrary files, via a ../ in a pathname. This can be leveraged for code execution by writing to a Startup folder. The only requirement [to exploit the vulnerability] is that the attacker must have authentication and authorization privileges over Bluetooth. Pairing up with the remote device should be enough to get it; however, more sophisticated attacks, such as sniffing the Bluetooth pairing, linkkey cracking and MAC address spoofing, can be used in order to avoid this. In case the attacker succeeded in getting the proper privileges, further actions will be transparent to the user.”

The only workaround provided for this vulnerability is to refuse pairing and connection requests from unknown sources.
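
The kind of server-side check whose absence allows the "../" traversal described in the advisory is sketched below as an added example (it is not HTC's driver code and not taken from the advisory): it lexically normalises a client-supplied OBEX name and refuses any name that would climb above the shared folder. The function name, the depth limit, the buffer sizes and the sample names are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 32   /* assumed limit on nesting inside the share */

/* Normalise a client-supplied name relative to the shared folder ('/' and '\\' both
 * count as separators). Returns 0 and writes the clean path to out, or -1 to reject. */

int obex_safe_relpath(const char *name, char *out, size_t outlen)
{
    const char *start[MAX_DEPTH];
    size_t len[MAX_DEPTH], depth = 0, used = 0;
    const char *p = name;

    if (outlen == 0) return -1;
    while (*p) {
        size_t n = strcspn(p, "/\\");            /* length of next component */
        if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0) return -1;           /* would climb above the share */
            depth--;                             /* ".." inside the share is fine */
        } else if (n > 0 && !(n == 1 && p[0] == '.')) {
            if (depth == MAX_DEPTH) return -1;
            start[depth] = p; len[depth] = n; depth++;
        }                                        /* "" and "." are skipped */
        p += n;
        if (*p) p++;                             /* step over one separator */
    }
    for (size_t i = 0; i < depth; i++) {
        if (used + len[i] + 2 > outlen) return -1;  /* separator + name + NUL */
        if (i) out[used++] = '\\';
        memcpy(out + used, start[i], len[i]);
        used += len[i];
    }
    out[used] = '\0';                            /* empty string = the share root */
    return 0;
}

int main(void)
{
    /* Constructed sample names, not captured traffic. */
    const char *names[] = { "Photos/../Music/a.mp3", "../../outside/file", "a\\.\\b\\\\c" };
    char buf[64];
    for (size_t i = 0; i < 3; i++) {
        int rc = obex_safe_relpath(names[i], buf, sizeof buf);
        printf("%-24s -> %s\n", names[i], rc == 0 ? buf : "REJECTED");
    }
    return 0;
}
```

A server would append the returned relative path to its configured share root and perform the file operation only when the function returns 0.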

In related news, Windows Mobile 6.0 and 6.1 users will be glad to find out that the Windows Marketplace for Mobile will work for them as well.






Tags: HTC, Windows Mobile, Bluetooth
