Microsoft Bluetooth Stack OBEX Directory Traversal - Windows Mobile Development and Hacking General

Most Windows Mobile 5.0 & 6 devices are shipped with Microsoft Bluetooth stack, only few of them use others (like Widcomm Bluetooth stack). Among all the Bluetooth services that may be implemented in the stack, OBEX FTP is the most common service.
OBEX FTP Bluetooth service can be used to share files through Bluetooth, not only by sending files but also by allowing remote devices to browse local shared folders and download files.
...
There exists a Directory Traversal vulnerability in the OBEX FTP Service in Microsoft Bluetooth Stack implemented in Windows Mobile 5.0 & 6 devices. A remote attacker (who previously owned authentication and authorization rights) can use tools like ObexFTP or gnomevfs-ls to traverse to parent directories out of the default Bluetooth shared folder by using ../ or ..\\ marks. This means the attacker can browse folders located on a lower level, download files contained in those folders as well as upload files to those folders.
The only requirement is that the attacker must have authentication and authorization privileges over the OBEX FTP service. Pairing up with the remote Windows Mobile device should be enough to get it. In case the attacker succeeded in getting the proper privileges, further actions will be transparent to the user.
...
http://www.seguridadmobile.com/wind...soft-Bluetooth-Stack-Directory-Traversal.html
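
The confinement check whose absence the advisory describes, as an added example that is not part of the original post and not Microsoft's code: a server-side routine that resolves a client-supplied name against the shared folder and refuses any `../` or `..\` sequence that would climb above it. The function name, buffer sizes and `MAX_DEPTH` are assumptions, and the name is assumed to be already converted to a narrow C string.

```c
#include <stddef.h>
#include <string.h>

#define MAX_DEPTH 32   /* assumed limit on folder nesting inside the share */

/* Resolve a client-supplied OBEX name against the current folder; both are
 * relative to the share root. Writes the normalized share-relative path to
 * out and returns 0, or returns -1 if the name would climb above the share
 * root or does not fit. '/' and '\' are both treated as separators. */
int resolve_in_share(const char *cwd, const char *name, char *out, size_t outlen)
{
    char buf[512];
    char *parts[MAX_DEPTH];
    size_t depth = 0, used = 0;

    if (outlen == 0 || strlen(cwd) + strlen(name) + 2 > sizeof buf)
        return -1;
    strcpy(buf, cwd);
    strcat(buf, "/");
    strcat(buf, name);

    for (char *tok = strtok(buf, "/\\"); tok; tok = strtok(NULL, "/\\")) {
        if (strcmp(tok, ".") == 0)
            continue;
        if (strcmp(tok, "..") == 0) {
            if (depth == 0)
                return -1;            /* "../" or "..\" past the share root */
            depth--;
        } else if (depth == MAX_DEPTH) {
            return -1;
        } else {
            parts[depth++] = tok;
        }
    }

    out[0] = '\0';
    for (size_t i = 0; i < depth; i++) {
        size_t n = strlen(parts[i]);
        if (used + n + 2 > outlen)
            return -1;
        if (i > 0)
            out[used++] = '/';
        memcpy(out + used, parts[i], n);
        used += n;
        out[used] = '\0';
    }
    return 0;
}
```

The returned path is only ever appended to the share root, so a request is served from inside the shared folder or rejected; the same check applies to browse, download and upload requests alike.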

I don't see this as a vulnerability, it has its good and bad use. The only way to even get into the device is to pair with the device, and only an Ass-hat would actually pair a device they don't know.
I think there was an app called bluetooth explorer which allows the option to explore folders on the connected device (don't really remember if that was the name)
can someone please tell which other mobile OS offers the option to send files over bluetooth? I'm just curious, I think WinMo offers this but I don't want to sound like an ass-head declaring this as fact.
it would be a real vulnerability if the attacker could do all that without any user intervention

Related

Mac Bluetooth File Exchange doesn't work?

Is there any secret to sending files to bluetooth devices like the XDA II (or Sony Clie for that matter) via the OS X bluetooth file exchange software. If I try to connect to my previously bonded/paired XDA or Clie to send a file or browse the device, the Mac s/w says something like 'device doesn't have the required services'.
I can use Drag'n'tooth, Missing Sync or PocketMac to sync via bluetooth, mount the devices etc... so I'm not sure why the free bluetooth file exchange doesn't work...
B

Missing Bluetooth file transfer in WM2005 JASJAR

File Explorer does not support Bluetooth file transfer, I am using JAS/JAR running WM2005. Am I missing something?
there is a registry change you can make to add support for this - see http://wiki.xda-developers.com/index.php?pagename=Universal_Registry under To change the ability to receive files via Bluetooth (OBEX)
i've not tried this myself, though!
If you don't mind spending on 3rd party software then Resco File Explorer may be your best bet and they now have a WM5 compatible version.
Likewise to transfer from your PC to the phone your windows PC file explorer should manage it provided your device is paired. But don't forget to turn on the bluetooth on the device and also the "accept all incoming beams" as this is often confused as being mandatory for IR transfers only.
Kind Regards
access is denied
When I try to change values it gives me an error of access is denied, can anybody help me?
failed
followed all the changes mentioned in this post and try to send a file to my PC. It recognizes my PC but when i click on tap to send...it tries for a few seconds and then gives a status saying failed
I think it is at your PC end, and I have had similar problems depending on the bluetooth setup that I had on the pc, I could activesync on bluetooth, but not send files, yet on an alternative machine I could do both. They were running different bluetooth dongles and thus settings and drivers.

Bluetooth home folder

I am not sure if this is already posted elsewhere because I did a search and couldn't find that.
Does anyone know how to change the home folder for bluetooth received files? I need to change that to receive files directly to my MicroSD card not in the main memory (which has not enough space most of the time).
Any help?
It looks like you cannot specify the directory for bluetooth incoming files.
MS Bluetooth stack does not have such an option.
You can solve a part of this problem by using "Dr.Yar bluetooth 1.51" software. It will add FTP bluetooth profile for your phone and it will give you the ability to choose the folder for saving files.
But!
Some sending devices use OBEX file transfer instead of using FTP bluetooth file transfer. For these cases standard MS OBEX profile will be used and files will be saved into "/My Documents" folder.
This software works great; be sure to double-click the bluetooth icon to Start the program.

bluetooth software

Is there any kind of free software that will allow me to browse and transfer multiple files between two PDAs via bluetooth?
I want this not for malicious acts but so that me and my wife can share pictures and info between our phones in a file explorer fashion instead of one at a time.

Wifi File Transfer

Hey!
I want to transfer (image) files between my android phone and a pc. Am I correct in assuming that as long as the phone is already configured and connected to the same wifi network as the pc, I just use standard java code (like sockets) to transfer the files to/from the phone?
If not, could anyone point me to the android specific way of exchanging files over wifi?
Look up WebSharing app in market
SwiFTP or Symbian
No no, it looks like I didn't word it right. I'm not after an existing app to transfer files.
The application that I'm coding does a lot more than just exchange files, it's just that I need to code some file exchange as part of the application.
JCIFS Samba, I believe is what you need.
