James Delahunty
17 Jul 2009 16:22
HTC is offering a fix for a Bluetooth security vulnerability for several of its handsets. The fix was issued for the HTC Touch models. Although HTC did not specify exactly what problem it was fixing, the fix coincides with security researcher Alberto Moreno Tablado's discovery which he made public when HTC did not issue a fix after he alerted the company in February.
"Microsoft states this is a 3rd party driver developed by HTC and installed on HTC devices running Windows Mobile, so the vulnerability only affects to this vendor specifically," Tablado wrote. "A remote attacker (who previously owned authentication and authorization rights) can use tools like ObexFTP or gnomevfs-ls from a Linux box to traverse to parent directories out of the default Bluetooth shared folder by using ../ or .. marks."
Authentication or Authorization rights could be gotten by pairing the HTC handset with a Bluetooth device, or more complication solutions would include spoofing the MAC address or include sniffing the Bluetooth pairing. Once obtained, an attacker can navigate can access or modify any file stored on the device without the user being aware of the attack.
The fix comes in the hotfix BLA_S00279.exe file which you can download to your device and run. Once it is completed it will soft-reset your device. You can get it from:
http://www.htc.com/europe/SupportDownload.aspx?p_id=133&cat=0&dl_id=609