Major Security Flaw Found in HTC Android Phones
By Barry Levine / NewsFactor Network

A recently discovered security flaw in HTC Android phones could make users' personal data vulnerable. According to reports, the flaw allows most apps to read the personal information in at least some HTC models.

The issue was first brought to light by developer Trevor Eckhart, who was examining the inner workings of software on HTC's EVO 3D, EVO 4G, Thunderbolt and other models. Together with Android experts Artem Russakovskii and a blogger who goes by the pseudonym Justin Case, Eckhart found that HTC has introduced logging tools in recent updates.

The loggers collected a large amount of data about user activity, presumably to monitor performance, provide for remote analysis, or serve other purposes, although the exact reason for the data collection is unknown.

Emails, Phone Numbers, GPS

The team discovered that the data is not secured, and that any app requesting permission to connect to the web or to show an ad can get access to the collected data. The collected information can include a list of email addresses and other information about user accounts, a history of GPS locations, stored phone numbers, SMS data, and system logs.

Other information that may be exposed includes notifications, IP addresses, system data and logs, information on installed apps, content providers, battery status and other data.

The normal expectation is that an app seeking to connect to the web obtains access only to what its request allows. For example, an app requesting web access would not be able to obtain stored phone numbers.

According to the investigation, virtually any app can gain access to this information, and it could be possible to clone a device using this data. The app also has permission to send this information to anyone on the web, without the user's knowledge. The team said it informed HTC of the issue on Sept. 24, but, after five days with no reply, it went public Friday.

Some observers are suggesting that, although specific HTC models were cited, it is possible a variety of other HTC devices could be affected as well, particularly those running HTC Sense.

'Have To Be on Their Toes'

Russakovskii blames HTC for the vulnerability, contending that the handset maker set up the environment this way. HTC has not yet issued a statement or a fix.

The HTC vulnerability raises questions about the security of Google's open-source Android mobile operating system.

In August, security firm McAfee noted that malware for Android had increased by 76 percent over the previous three months. While the total amount of malware is still smaller than that for, say, Symbian, Android will become a bigger target as Symbian fades out.

Avi Greengart, an analyst with industry research firm Current Analysis, said that "vendors always have to be on their toes" about security issues. He added that the issue appears to "be something wrong about the way HTC is implementing Android" and there is currently no evidence to believe there are fundamental security issues with the platform.


© Copyright 2016 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.