Windows Mobile Bluetooth Security Hole

A rather serious security flaw has been discovered in the Bluetooth stack of both Windows Mobile 5.0 and Windows Mobile 6.0 phones. This vulnerability allows an authorized and paired Bluetooth device to browse specific specified directories on your Windows Mobile phone, but it gets worse, as it seems that the attacker is able to break out of this limitation and copy files to and from anywhere on your smartphone. A possible scenario would be that the attacker can copy the PIM.vol file from your device, thus having all your contacts, calendar and task, or even placing a Trojan program in your device’s startup directory. There currently isn’t a patch for this yet, so do be careful when authorizing devices to pair over Bluetooth.