Peaches
Posted January 29, 2009

28 January 2009, Windows Mobile Bluetooth vulnerability allows access to any files

A directory traversing vulnerability in the Bluetooth OBEX-FTP server of Windows Mobile 6 allows attackers to access files outside of the permitted list. According to the report, using "../" or "..\\" as part of the path name is sufficient to traverse to other directories. An attacker could use the technique to copy files from a device, or to install their own software, such as a key logger, or other spyware.

The issue does require that the targeted handheld device is paired with the attacking device, which is usually only possible with the owner's consent. There are, though, situations where a user may wish to restrict access to their files for paired devices, and the problem means that these restrictions are only partially effective. Alberto Moreno Tablado, who discovered the bug, has published a detailed guide to the problem.

See also: Microsoft Bluetooth Stack OBEX Directory Traversal, report by Alberto Moreno Tablado

(djwm)

Heise security: http://www.heise-online.co.uk/security/Win...s--/news/112510
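
An added example, not part of the original post or the advisory, and not Microsoft's code: a containment check in C that a file-transfer server could apply to a client-supplied path so that "../" and "..\\" components cannot climb above the shared folder. The function name `resolve_in_share`, the 32-component limit, the use of plain C strings and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The report names both "../" and "..\\", so both separators count. */
static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Resolve a client-supplied name relative to the shared folder (hypothetical
 * helper). Writes the normalized relative path into out, using '\\'.
 * Returns 0 if the result stays inside the share, -1 if it must be refused. */
int resolve_in_share(const char *name, char *out, size_t outsz)
{
    size_t starts[32];  /* offset in out where each kept component begins */
    size_t len = 0;
    int depth = 0;

    if (outsz == 0) return -1;
    out[0] = '\0';
    /* Refuse absolute and drive-qualified names outright. */
    if (is_sep(name[0]) || strchr(name, ':')) return -1;

    while (*name) {
        const char *end = name;
        while (*end && !is_sep(*end)) end++;
        size_t n = (size_t)(end - name);

        if (n == 2 && name[0] == '.' && name[1] == '.') {
            if (depth == 0) return -1;   /* would climb above the share root */
            len = starts[--depth];       /* drop the last kept component */
            out[len] = '\0';
        } else if (n > 0 && !(n == 1 && name[0] == '.')) {
            if (depth == 32 || len + n + 2 > outsz) return -1;
            starts[depth++] = len;
            if (len) out[len++] = '\\';
            memcpy(out + len, name, n);
            len += n;
            out[len] = '\0';
        }
        name = *end ? end + 1 : end;     /* skip the separator, if any */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample names, not taken from the report. */
    const char *samples[] = { "photos/a.jpg", "photos\\..\\notes.txt",
                              "..\\..\\Windows", "a/../../b", "\\My Documents" };
    char buf[260];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-24s -> %s\n", samples[i],
               resolve_in_share(samples[i], buf, sizeof buf) == 0 ? buf : "REFUSED");
    return 0;
}
```

The check resolves components before any file is opened, so a name such as `photos\..\notes.txt` is accepted as `notes.txt` while any name whose net effect leaves the share is refused.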