HTC smartphones affected by Bluetooth vulnerability

Written by James Delahunty @ 16 Jul 2009 6:43 User comments (1)

Security researcher Alberto Moreno Tablado has reported a security flaw with the File Transfer Profile service that's built in to the Bluetooth stack implemented by HTC. Despite contacting HTC about this problem in February, no fix has been issued, prompting Tablado to go public. The security vulnerability could allow an attacker to view and edit sensitive files stored on a device.

"Microsoft states this is a 3rd party driver developed by HTC and installed on HTC devices running Windows Mobile, so the vulnerability only affects to this vendor specifically," Tablado says. "A remote attacker (who previously owned authentication and authorization rights) can use tools like ObexFTP or gnomevfs-ls from a Linux box to traverse to parent directories out of the default Bluetooth shared folder by using ../ or .. marks."

Authentication or Authorization rights could be gotten by pairing the HTC handset with a Bluetooth device, or more complication solutions would include spoofing the MAC address or include sniffing the Bluetooth pairing. Once obtained, an attacker can navigate can access or modify any file stored on the device without the user being aware of the attack.

More info: http://www.seguridadmobile.com/...

<PC digital downloads market to hit $1 billion this year? >Nokia Q2 profit drops 66 percent

1 user comment

116.7.2009 18:54

pollution

Send private message to this user

Member

I have a HTC phone. I always keep the bluetooth off unless needed, common sense.

The phone still works after me dropping it on cement and treating it like crap, its more durable than one might expect.

Comments have been disabled for this article.

	Android 16 will launch sooner than expected (01 Nov 2024 6:45) Google announced that upcoming Android 16 will break the traditional once-a-year cycle of major Android launches. Next Android is poised to launch in Q2 of 2025, so Android 16 should ship before end of June, 2025.
	Winamp ends its "open source" project that wasn't really open source (20 Oct 2024 11:12) Less than a month after the legendary MP3 player Winamp made its source code public, the company has made a sudden U-turn and removed its code from distribution. 2 user comments
	Winamp released its source code - but didn't go open source (25 Sep 2024 12:38) The source code of Winamp has now been officially released. However, it hasn't become a pure open-source project, as its licensing terms prohibit the creation of new, different versions.
	Does your phone rattle? Here's why it happens (25 Aug 2024 8:30) When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should. 2 user comments
	CEO of Messaging App Telegram Arrested in France (25 Aug 2024 7:12) French authorities have detained Pavel Durov, CEO of the messaging service Telegram, amidst an ongoing investigation to determine whether Telegram moderates its platform adequately. 1 user comment

	Does your phone rattle? Here's why it happens When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should. 2 user comments
	Guide: Phone battery drains quickly - how to fix (iPhone / Android) In this guide, we go through the most typical reasons for rapid battery drain with phones, and look at potential reasons or solutions.
	What happens if you don't update Android? Sometimes it can be tempting to avoid updating to a new Android version. What happens if you decide to delay major updates to the OS?
	What IP rating for dust and water resistance means An IP classification (such as IP68) is given to mobile phones, Bluetooth speakers, and other devices, but what do these classifications mean? 1 user comment
	Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix Do you have problems with you Wi-Fi? Slow connection or is it cutting off constantly? This guide aims to remedy these problems. 1 user comment

HTC smartphones affected by Bluetooth vulnerability

1 user comment

Latest news

Reviews

Guides

News archive

Subscribe

Sections:

Follow us:

	Roborock S8 MaxV Ultra review - obstacle avoidance doesn't work as it should, otherwise almost perfect robot vacuum We put the Roborock S8 MaxV Ultra through a very, very long review process. The $1800 mopping robot vacuum is almost perfect, but its obstacle avoidance was surprisingly bad, considering the price - and compared to its competitors.
	Sharge x OnePlus Pouch review: Beautiful power bank that supports SuperVOOC charging In our review, we take a look at Sharge's power bank that supports OnePlus SuperVOOC quick charging technology as well as standard USB PD charging. It has small design flaws, but despite those, the Pouch is very nice product. 1 user comment
	Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.