Jul 3 2009

HTC Offers Hot Fix for Bluetooth Driver Vulnerability Found in Windows Mobile Phones

It’s great to have an HTC Windows Mobile 6.0 or 6.1 smartphone for a lot of reasons, but using it is also a risk if you haven’t yet applied the hotfix for the phone’s Bluetooth driver vulnerability.

Hacked via Bluetooth
HTC Windows Mobile handsets such as the S710 and S740, Touch Find, Touch Cruise, Touch Pro, and Touch Diamond are vulnerable because all of them use the same Bluetooth driver, ‘obexfile.dll’. That HTC-specific file is what exposes all the files on your phone to hacking, according to security researcher Alberto Moreno Tablado.

How to Minimize Damage from Bluetooth Driver Vulnerability
Until you have installed the hotfix provided by HTC, there are a number of things you can do to reduce the chances of getting hacked.

Firstly, avoid accepting Bluetooth connections from any unknown device. Accepting Bluetooth connections at random and without checking who is asking is like leaving your door open for burglars to come in and raid your home.

Secondly, disable the file-sharing function of your Bluetooth. Consider this as an extra step of prevention in the event that you accidentally press the accept button for any Bluetooth connection.

If you have compiled a list of trusted or paired devices on your mobile phone, that list will have to go. Hackers might already have found their way onto that list without you knowing. That is entirely possible, especially if you have occasionally lent your phone to other people.

Overall, it’s best to avoid using your Bluetooth connection as much as possible. Tell your friends about the issue and ask for identity or device confirmation via SMS or phone if you do need to use your Bluetooth connection.

Hotfix Provided
It was only early this year that Alberto Moreno Tablado reported his discovery of a bug in the Bluetooth driver used by HTC Windows Mobile phones. The OBEX FTP directory traversal attack can cause damage only when two conditions hold: first, your Bluetooth must be switched on; second, Bluetooth file sharing must be enabled. If both conditions are met, a hacker can explore not only the Bluetooth shared folder but other folders as well. Hackers can access all files saved on your phone, from pictures to contact lists to videos. They can also upload files to your phone without you knowing it.
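The kind of path check that keeps an OBEX FTP server inside its shared folder, as an added example that is not from the original article and is not HTC's hotfix code. The function name, the `\Share` root and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Hypothetical helper, not HTC's code: join a client-supplied OBEX FTP name
 * onto the shared-folder root. Returns 0 and fills out on success, -1 if the
 * name is absolute, names a drive, or contains a ".." style component. */
int resolve_shared_path(const char *root, const char *name,
                        char *out, size_t outlen)
{
    size_t rootlen = strlen(root), used = rootlen;
    const char *p = name;

    if (is_sep(name[0]) || strchr(name, ':') != NULL || rootlen + 1 > outlen)
        return -1;                        /* absolute path or drive letter */
    memcpy(out, root, rootlen + 1);

    while (*p != '\0') {
        size_t len = 0, dots = 0;
        while (p[len] != '\0' && !is_sep(p[len]))
            len++;
        while (dots < len && p[dots] == '.')
            dots++;
        if (len > 1 && dots == len)
            return -1;                    /* "..", "..." and so on: refuse */
        if (len > 0 && dots != len) {     /* skip empty and "." components */
            if (used + len + 2 > outlen)
                return -1;                /* does not fit: fail closed */
            out[used++] = '\\';
            memcpy(out + used, p, len);
            used += len;
            out[used] = '\0';
        }
        p += len;
        if (is_sep(*p))
            p++;
    }
    return used > rootlen ? 0 : -1;       /* must name something under root */
}

int main(void)
{
    /* Constructed sample names; the root path is an assumption. */
    const char *names[] = { "photos\\cat.jpg", "..\\..\\Windows\\x.dll", "a/../../b" };
    char buf[128];
    for (size_t i = 0; i < 3; i++)
        printf("%-24s -> %s\n", names[i],
               resolve_shared_path("\\Share", names[i], buf, sizeof buf) == 0 ? buf : "REJECTED");
    return 0;
}
```

The caller must check the return value before using the output buffer, which may hold a partial path when the name is rejected.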

When Moreno Tablado’s earlier report to HTC was ignored, he decided to disclose the issue to the public. The day after, the company provided a hotfix.

IntoMobile
