James Delahunty
16 Jul 2009 18:43
Security researcher Alberto Moreno Tablado has reported a security flaw with the File Transfer Profile service that's built in to the Bluetooth stack implemented by HTC. Despite contacting HTC about this problem in February, no fix has been issued, prompting Tablado to go public. The security vulnerability could allow an attacker to view and edit sensitive files stored on a device.
"Microsoft states this is a 3rd party driver developed by HTC and installed on HTC devices running Windows Mobile, so the vulnerability only affects to this vendor specifically," Tablado says. "A remote attacker (who previously owned authentication and authorization rights) can use tools like ObexFTP or gnomevfs-ls from a Linux box to traverse to parent directories out of the default Bluetooth shared folder by using ../ or .. marks."
Authentication or Authorization rights could be gotten by pairing the HTC handset with a Bluetooth device, or more complication solutions would include spoofing the MAC address or include sniffing the Bluetooth pairing. Once obtained, an attacker can navigate can access or modify any file stored on the device without the user being aware of the attack.
More info: http://www.seguridadmobile.com/...