HTC Smartphones Vulnerable to Bluetooth Attack...

July 2009

If a user has an HTC smartphone running Windows Mobile 6 or Windows Mobile 6.1, the user may want to think twice before connecting to an untrusted device using Bluetooth. A vulnerability in an HTC driver installed on these phones can allow an attacker to access any file on the phone or upload malicious code using Bluetooth, a Spanish security researcher warned on July 14. “HTC devices running Windows Mobile 6 and Windows Mobile 6.1 are prone to a directory traversal vulnerability in the Bluetooth OBEX FTP Service,” a security researcher said in an e-mail exchange. HTC handsets running Windows Mobile 5 are not affected. For the attack to work, the targeted device must have Bluetooth enabled and file sharing over Bluetooth activated. “This connection can be done either by standard Bluetooth pairing or taking advantage of the Bluetooth MAC spoofing attack,” the researcher said, referring to a process where the attacking device attempts to convince the target that it is another device on its list of paired devices. The directory traversal vulnerability allows an attacker to move from a phone’s Bluetooth shared folder into other folders, giving them access to contact details, e-mails, pictures or other data stored on the phone. They can use this access to read files or upload software, including malicious code. Because the driver, obexfile.dll, is an HTC driver, only handsets from the company are affected. However, HTC is the world’s largest manufacturer of Windows Mobile handsets, selling phones under its own brand as well as making phones under contract for other companies. That means millions of users are potentially vulnerable.