HTC smartphones running on WinMo 6 or 6.1 are hackable via a Bluetooth attack, claims a new report by security researcher, Alberto Moreno Tablado.
He claims the vulnerability is found only in HTC phones because of its driver that is prone to a directory traversal hack in the Bluetooth OBEX FTP service. The hack, if successful could allow hackers to navigate through the hijacked phone’s shared browser and then into other folders, enabling them to retrieve the phone’s contacts, e-mails and other multimedia content.
The driver, obexfile.dll is the file that allows to do the damage and is found in most of the HTC phones available in the market running WinMo 6 or 6.1.
The only workaround until HTC fixes the exploit remains in the hands of the consumers. Users should not accept any untrusted Bluetooth connection or shouldn’t pair with the phones or devices that are not known to them.
More details over here.