Object Exchange Protocol (OBEX) has the following potential security risk:
OBEX supports plug-in services from third-party vendors. If these extensions do not use proper security and authentication procedures, they could compromise the security of a device or local network.
OBEX is a session layer protocol that allows devices to exchange data in a simple and spontaneous manner. The protocol can be supported over a variety of transports. In Windows Embedded CE, the supported transports are over IrDA and Bluetooth transmission technologies. OBEX provides security support by incorporating an authentication mechanism that uses a challenge and response scheme. Any connection attempts that do not pass the authentication procedure are disallowed.
You should be aware of the registry settings that impact security. If a value has security implications you will find a Security Note in the registry settings documentation.
For OBEX registry information, see OBEX Registry Settings.