HTC offers fix for Bluetooth security flaw!!!

[gutrrob]

HTC offers fix for Bluetooth security flaw

HTC is offering a fix for a Bluetooth security vulnerability for several of its handsets. The fix was issued for the HTC Touch models. Although HTC did not specify exactly what problem it was fixing, the fix coincides with security researcher Alberto Moreno Tablado's discovery which he made public when HTC did not issue a fix after he alerted the company in February.

"Microsoft states this is a 3rd party driver developed by HTC and installed on HTC devices running Windows Mobile, so the vulnerability only affects to this vendor specifically," Tablado wrote. "A remote attacker (who previously owned authentication and authorization rights) can use tools like ObexFTP or gnomevfs-ls from a linux box to traverse to parent directories out of the default Bluetooth shared folder by using ../ or .. marks."

Authentication or Authorization rights could be gotten by pairing the HTC handset with a Bluetooth device, or more complication solutions would include spoofing the MAC address or include sniffing the Bluetooth pairing. Once obtained, an attacker can navigate can access or modify any file stored on the device without the user being aware of the attack.

The fix comes in the hotfix BLA_S00279.exe file which you can download to your device and run. Once it is completed it will soft-reset your device. You can get it from:
http://www.htc.com/europe/SupportDownload.aspx?p_id=133&cat=0&dl_id=609

[mikee4fun]

Attached is the .exe which needs to be ran on the device. Simply extract it and copy it over to the device. Taking a look at it, it looks like they just patched a lot of blue tooth items


Setup.xml below

<wap-provisioningdoc>
<characteristic type="Install">
<parm name="InstallPhase" value="install" />
<parm name="SetupDLL" value="1" />
<parm name="OSVersionMin" value="3.0" />
<parm name="OSVersionMax" value="4.21" />
<parm name="BuildNumberMin" value="0" />
<parm name="BuildNumberMax" value="-536870912" />
<parm name="UnsupportedPlatforms" value="JUPITERHPC" />
<parm name="AppName" value="HotFix BLA_S00279" />
<parm name="InstallDir" value="%CE1%\BLA_S00279" translation="install" />
<parm name="NumDirs" value="2" />
<parm name="NumFiles" value="15" />
<parm name="NumRegKeys" value="1" />
<parm name="NumRegVals" value="1" />
<parm name="NumShortcuts" value="0" />
</characteristic>
<characteristic type="FileOperation">
<characteristic type="\temp" translation="install">
<characteristic type="MakeDir" />
<characteristic type="obexfile.dll" translation="install">
<characteristic type="Extract">
<parm name="Source" value="obexfile.001" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
<characteristic type="btpropext.dll" translation="install">
<characteristic type="Extract">
<parm name="Source" value="BTPROP~1.002" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
<characteristic type="btfsd.dll" translation="install">
<characteristic type="Extract">
<parm name="Source" value="000btfsd.003" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
<characteristic type="BTDisk.dll" translation="install">
<characteristic type="Extract">
<parm name="Source" value="00BTDisk.004" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
<characteristic type="btctxmenu.dll" translation="install">
<characteristic type="Extract">
<parm name="Source" value="BTCTXM~1.005" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
<characteristic type="felvop.exe" translation="install">
<characteristic type="Extract">
<parm name="Source" value="00felvop.006" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
<characteristic type="btrenamedir.exe" translation="install">
<characteristic type="Extract">
<parm name="Source" value="BTRENA~1.007" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
<characteristic type="btlauncher.exe" translation="install">
<characteristic type="Extract">
<parm name="Source" value="BTLAUN~1.008" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
<characteristic type="BTFtpClient.exe" translation="install">
<characteristic type="Extract">
<parm name="Source" value="BTFTPC~1.009" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
<characteristic type="btdwake.exe" translation="install">
<characteristic type="Extract">
<parm name="Source" value="0btdwake.010" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
</characteristic>
<characteristic type="\Windows" translation="install">
<characteristic type="MakeDir" />
<characteristic type="CM_Entries.xml" translation="install">
<characteristic type="Extract">
<parm name="Source" value="CM_ENT~1.011" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
<characteristic type="CheckFile.exe" translation="install">
<characteristic type="Extract">
<parm name="Source" value="CHECKF~1.012" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
<characteristic type="Platformxxx.reg" translation="install">
<characteristic type="Extract">
<parm name="Source" value="PLATFO~1.013" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
<characteristic type="__cusTSKTEMP.exe" translation="install">
<characteristic type="Extract">
<parm name="Source" value="00custsk.014" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
<characteristic type="Customize.lst" translation="install">
<characteristic type="Extract">
<parm name="Source" value="CUSTOM~1.015" />
<parm name="NoSkip" />
</characteristic>
</characteristic>
</characteristic>
</characteristic>
<characteristic type="Registry">
<characteristic type="HKCU\Software\HTC\Customize">
<parm name="Ver" value="1.0" datatype="string" />
</characteristic>
</characteristic>
</wap-provisioningdoc>

[ksg]

Thank you for bringing this to our attention. Good find!