First off, don’t ever accept Bluetooth connections from untrusted or unknown sources. Especially if you own a Windows Mobile 6.0 or 6.1 smartphone from HTC. As long as you keep an eye on your Bluetooth connection, you’ll be fine. Otherwise, you might end up getting your WinMo-powered HTC device hacked via Bluetooth.
The problem: HTC uses the same hack-able Bluetooth driver in many of its Windows Mobile handsets, including the Touch Diamond, Touch Pro, Touch Cruise, Touch Find, S710 and S740. This “obexfile.dll” driver is an HTC-specific driver that is vulnerable to “a directory traversal vulnerability in the Bluetooth OBEX FTP Service,” according to security boffin Alberto Moreno Tablado. HTC WinMo devices with Bluetooth and Bluetooth file-sharing enabled are at risk.
What can you do to prevent this from ever happening? Well, like I mentioned above – DO NOT accept untrusted Bluetooth connection. Disable file-sharing over Bluetooth for that extra layer of security. You’ll also want to delete your list of previously paired devices, as nefarious hackers can masquerade as a trusted device in order to gain access to your phone.
It’s unclear if HTC will issue an updated Bluetooth driver.
[Via: PCWorld]