02-02-09, 08:32 AM
|
#1 (permalink)
|
|
Aximsite Veteran
Join Date: Mar 2005
Location: Toronto
Posts: 1,093
Device: A1200,Moto-Q
Carrier: Rogers
Thanked 0 Times in 0 Posts
|
Microsoft Bluetooth Stack OBEX Directory Traversal Vulnerability
Just saw this vulnerability on all WM6 devices that use the Microsoft BT stack.
|
Quote:
|
A directory traversing vulnerability in the Bluetooth OBEX-FTP server of Windows Mobile 6 allows attackers to access files outside of the permitted list. According to the report, using "../" or "..\\" as part of the path name, is sufficient to traverse to other directories. An attacker could use the technique to copy files from a device, or to install their own software, such as a key logger, or other spyware.
The issue does require that the targeted hand held device is paired with the attacking device, which is usually only possible with the owner's consent. There are, though, situations where a user may wish to restrict access to their files for paired devices, and the problem means that these restrictions are only partially effective. Alberto Moreno Tablado, who discovered the bug, has published a detailed guide to the problem.
|
More detailed info here: Seguridad Mobile - Alberto Moreno
|
|
|
Follow Us
RSS Feed
Follow on Twitter
Facebook
YouTube
