HTC Offers Hot Fix for Bluetooth Driver Vulnerability Found in Windows Mobile Phones
It’s great to have an HTC Windows Mobile 6.0 or 6.1 smartphone for a lot of reasons, but it’s also a risk to use it if you haven’t yet made use of the hotfix for the phone’s Bluetooth driver vulnerability.
Hacked via Bluetooth
Handset models from Windows Mobile like the S710 and S740, Touch Find, Touch Cruise, Touch Pro, and Touch Diamond are vulnerable because all of them use the same Bluetooth driver, ‘obexfile.dll’. That particular file, which is HTC-specific, is what makes all your files in your phone subject to hacking, according to Alberto Moreno Tablado, a security researcher.
How to Minimize Damage from Bluetooth Driver Vulnerability
Until you haven’t yet installed the hot fix provided by HTC, there are a number of things you can do to reduce chances of getting hacked.
Firstly, avoid accepting Bluetooth connection from any unknown device. Random and indiscreet acceptance of Bluetooth connection is like leaving your door open for burglars to come in and raid your home.
Secondly, disable the file-sharing function of your Bluetooth. Consider this as an extra step of prevention in the event that you accidentally press the accept button for any Bluetooth connection.
If you have compiled a list of trusted or paired devices in your mobile phone, that list would have to go. Hackers might already have found their way to that list without you knowing. It’s entirely possible especially when you have occasionally lent your phone to other people.
Overall, it’s best to avoid using your Bluetooth connection as much as possible. Inform your friends about it and request for identity or device confirmation via SMS or phone if you do have a need to use your Bluetooth connection.
Hotfix Provided
It was only early this year that Alberto Moreno Tablado reported his discovery of a bug in the Bluetooth driver used by the HTC Windows Mobile phones. The OBEX FTP directory traversal attack can cause damage depending on two conditions: firstly, your Bluetooth must be switched on; secondly, the file sharing of your Bluetooth connection must be enabled. If these two conditions are met then a hacker can explore not only the shared folder of your Bluetooth but other folders as well. Hackers can access all files saved in your phone, from pictures to contact lists to videos. They can also upload files in your phone without you knowing it.
When Moreno Tablado’s earlier report to HTC went ignored, he then decided to disclose the issue to the public. The day after, a hot fix was provided by the company.
Driver Issues with Linux Kernel
With Linux kernel having its considerable share of driver issues, this article will hopefully lay some of them to rest.
New Security Update to Fix Linux Kernel Vulnerabilities
Linux kernel is far from perfect and its latest security update, announced last July 28th, was developed to fix four key vulnerabilities, one of which dealt with network drivers. The other three concerned page table roots, personality flags, and validation of buffer sizes with eCryptfs.
As for the RTL8169 network driver, buffer size validation was also a problem. Michael Tokarev, who discovered this particular vulnerability with Linux kernel, showed that any remote hacker on the local area network (LAN) could cause the entire system to crash or gain increased privileges.
The security update is strongly recommended for users of 9.04, 8.10, 8.04 LTS, and 6.06 LTS of Ubuntu. Users of Xubuntu, Edubuntu, and Kubuntu are also encouraged to install the update.
No More X11 Video Drivers
If you want to use something else beside the X11 video driver with your Linux kernel then you simply have to get a hold of Ubuntu 9.10. X11 video driver will be replaced by the kernel mode setting, which is enabled by default for Intel-based vido cards. This means that the kernel mode setting is now responsible for all graphic mode configurations of your console.
This setup not only allows a number of programs to run faster but also simplifies video infrastructure. When kernel problems arise, this setup also makes debugging easier for developers.
While normal users shouldn’t expect huge changes, they may notice a bit of improvement when it comes to switching between virtual terminals and consoles or between different user accounts.
Ubuntu 9.10 will be released on October.
Microsoft Help with Driver Source Code May Be Too Late
According to the Software Freedom Law Center, Microsoft has violated the GNU General Public License (GPLv2) when it combined open source or free software code with its own closed source software for its Hyper V device, which is prohibited by the GPL.
Of course, Microsoft had tried to make up for its ‘oversight’ by subsequently releasing over twenty thousand lines of source code to the Linux kernel project. This move is not, however, without any benefits for Microsoft. If and when it is accepted, it could make Linux run better when it’s used under Hyper-V virtualization – something which can be considered as a pre-emptive move to prevent users from switching to Linux completely.
Can Chrome Laptop Driver from Google Beat Microsoft?
To see is to believe, but Google is confident enough to let the public know about the new operating system they’re hard at work developing. This might as well be a challenge issued against the indisputable leader in the software industry.
What’s Chrome All About?
This new laptop driver from Google is specially designed for individuals who ‘live on the web’ and works best with netbooks – the kind of laptop that’s more popular with budget-conscious users because of its affordability. Of course, it’s also less powerful than most laptops, but this doesn’t bother its owners when all the latter wants is to surf the net and that’s certainly something netbooks can do.
Google, however, envisions its future OS to be used with full-sized desktops as well.
At present, the company estimates the number of users of their Chrome Internet browser to be at thirty million – not a bad figure considering it’s only been out for nine months. The Chrome browser will be incorporated with its new OS.
Chrome is admittedly a potential threat to the Richmond-based software giant, Microsoft, which has been the leader in its industry for over twenty years. Google describes its new laptop driver as a ‘natural extension’ of what Chrome – the Internet browser – could do and an ‘attempt to rethink what operating systems should be’.
Chrome will be launched mid-2010. Engineering director Linus Upson and Product Management VP Sundar Pichai stated in the company’s website that the new OS was designed for those ‘who live on the web’. These individuals commonly use their netbooks to keep in touch with friends, shop, catch up on the news, check their email, or simply search the Internet for information.
Google believes that the operating systems currently used by browsers may be lacking because they were designed in an ‘era where there was no web’. With its new laptop driver, the company aims to completely redesign ‘the underlying security architecture of the OS’. More specifically, it hopes to prevent users from being troubled by viruses, malware, or even the inconvenience of security updates.
Android, an operating system that had been released a short time in the past by Google, was designed for mobile phones but may also be installed on netbooks. Google, however, aims for its new laptop driver to be operable even with larger machines.
These developments are considered to have ‘widespread implications’ by CNET’s Stephen Shankland. It shows the company’s determination to make the Internet function as an integral foundation not only for static pages but also for active applications, too. Certainly, it also means competition for Microsoft, but more importantly, these moves may also require the attention of anti-trust regulators.