If you own a mobile phone made by HTC and connect using Bluetooth, there's a decent chance security researcher Alberto Moreno Tablado can rummage through sensitive files stored on the device using a critical bug in some of its wireless device features. The directory traversal flaw resides in the File Transfer Profile (OBEX FTP) …
I used to quite enjoy my HTC tyan a couple of years back. I always thought they were quite good until my nokia N95 and now N97. You could install so much stuff on those HTC phones even years ago. If you didnt mind it crashing everyday!!
What are the chances!?
I understand it may be a vulnerability but the chance of this actually happening are tiny. Considering you would have to stay with 10m of the hacker while firstly he had to anonymously pair with your handset which is not the easiest thing to do, then set up the FTP connection.
* Snigger * Can't resist
My HTC runs Linux... (Android) So I guess it's using bluez. So I guess I can relax.
The temptation to post a wee piece of Linux vs Windows trollery in an HTC context has obviously proved too much :oD
"A spokesman for HTC America didn't immediately return a phone call seeking comment for this article."
Did you call him on his mobile? :-)
Mine's the one with the iPhone in the pocket, thanks
"I understand it may be a vulnerability but the chance of this actually happening are tiny. Considering you would have to stay with 10m of the hacker while firstly he had to anonymously pair with your handset which is not the easiest thing to do, then set up the FTP connection.
two words for you: YAGI aeiral - http://gizmodo.com/019057/imterview-with-bluetooth-hacking-flexiliss-john-hering - oh yes, the bluesnipe rifle! Using carefully crafted antenas and a class 3 device rxtends the range you can snarf (and presumably use this exploit) to about 1 MILE.
Wake up divot, you don't know everything....
don't expect to hear anything useful back from htc ever on this tbh (well, maybe some lip service) - existing devices with this problem will _never_ be fixed - only devices that haven't yet come out will have the required patch - this is how htc work - once you've bought one of their f*ck-off expensive handsets they stick 2 fingers up at you and tell you to go swivel (if they bother responding at all) when you ask for some support (or they'll lie to you about graphics drivers etc).