Hole in your Bluetooth: Are you vulnerable?

We'll preface this post by saying that all security threats should be considered serious, though some are more serious than others. Case in point: The recent realization by Seguridad Mobile [via] that a hole in the Windows Mobile 5 & 6 Bluetooth stack could allow someone to snoop around your phone, download files, or upload malicious files.

In a nutshell, we're talking file sharing. Normally when you share files with someone over Bluetooth (be it a friend or a PC), you're limited to a couple directories by default. But by exploiting this hole, someone could really wreak havoc with your phone. But to do so takes some work — and previous authentication privilages with your phone. In other words, you probably don't have to worry about someone just walking by and stealing your data. But now you know about the threat, and knowing is half the battle.

That said, here are a couple of Bluetooth safety reminders:

  • If you're not using Bluetooth, turn it off. Your battery will thank you.
  • If you do use Bluetooth, don't allow other devices to see it at will. (See the unchecked box here.)

In other words, don't talk to strangers.

Dieter Bohn