In association with heise online

20 July 2009, 15:34

Patch for HTC smartphones

HTC has released a security patch for its HTC Touch Diamond, Touch Pro and Touch HD smartphones to fix a security vulnerability in a Bluetooth driver. The devices run Windows Mobile 6 and Windows Mobile 6.1.

The problem is caused by a directory traversal vulnerability in the Bluetooth OBEX FTP server, which allows an attacker to access files outside of the permitted directory. To achieve this, an attacker merely needs to insert one or more strings for switching to the parent directory ("../" or "..\\") in front of the path. This allows an attacker to upload files to a device or sniff out data.
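A containment check of the kind that blocks this class of bug, as an added example (not HTC's code and not from the article). It assumes a hypothetical server that maps a client-supplied name onto a shared folder; the function name `name_stays_in_share` and the sample names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Both separators count: the article notes that "../" and "..\\" both work. */
static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Returns 1 if the client-supplied name stays inside the shared folder,
 * 0 if it would escape it. Run this on the fully decoded name. */
int name_stays_in_share(const char *name)
{
    int depth = 0;                        /* levels below the share root */
    const char *p = name;

    if (name == NULL || *name == '\0')
        return 0;                         /* no name given */
    if (is_sep(name[0]))
        return 0;                         /* rooted path, not relative to the share */

    while (*p) {
        const char *start = p;
        size_t len;
        while (*p && !is_sep(*p))         /* scan one path component */
            p++;
        len = (size_t)(p - start);
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (--depth < 0)
                return 0;                 /* climbed above the share root */
        } else if (!(len == 1 && start[0] == '.')) {
            depth++;                      /* ordinary component ("." is a no-op) */
        }
        while (*p && is_sep(*p))          /* skip one or more separators */
            p++;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample names, not taken from the advisory. */
    const char *samples[] = { "photo.jpg", "pics\\..\\a.jpg",
                              "../secret.txt", "pics/..\\..\\x" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %s\n", samples[i],
               name_stays_in_share(samples[i]) ? "allow" : "reject");
    return 0;
}
```

A server can be stricter still and refuse any name containing a separator or a ".." component, leaving folder changes to a separate, validated operation.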

The bug was discovered by Alberto Moreno Tablado earlier this year, but he initially assumed it was a bug in Windows Mobile. It subsequently became clear that the problem was in an HTC driver. According to Tablado, HTC was informed of the problem in February.

(djwm)
