Quantcast
Last updated on May 22, 2013 at 15:01 EDT
»
»
»

HTC Android Security Flaw Exposes Some Personal Data

October 3, 2011

Android’s HTC line of smartphones have been found to have a severe security flaw if they use applications that allow internet permissions. The Register reports the apps on the affected handsets that connect to the web or show ads are allowing access to personal and confidential information.

User accounts, including e-mail addresses and sync status for each can be easily accessed. The apps can also get their hands on the last known network, GPS locations and a limited previous history of locations.

The vulnerability is part of HTC’s Sense UI and affects a subset of phones which include the HTC Thunderbolt and the EVO 4G. It was spotted by Trevor Eckhart, Artem Russakovskii and Justin Case after the Sense UI update was released by HTC, who informed HTC about it and waited for a response.

With no response after five days from HTC, Eckhart contacted the website Android Police, a popular hangout for sharing Android news and reviews.

“Normally, applications get access to only what is allowed by the permissions they request, so when you install a simple, innocent-looking new game from the Market that only asks for the Internet permission (to submit scores online, for example), you don’t expect it to read your phone log or list of e-mails,” Russakovskii told International Business Times.

“The only reason the data is leaking left and right is because HTC set their snooping environment up this way,” he concluded.

HTC phones which are affected include an application package titled HTCLoggers.apk installed with root-level access. When called upon, the logging program opens a local port that will provide this data to any app that asks for it. Apps can send the data off to a remote server for safekeeping.

The breach is considered especially serious, particularly given that free apps often ask to collect embedded advertisements through internet connectivity. Such an app could now harvest very personal data and given the publicly available demonstration code it would be naive to think someone isn’t working on that right now.

Until HTC issues a software update, owners of the relevant phones can delete HTCLoggers from their devices if they root the phones.

On the Net:


Source: RedOrbit Staff & Wire Reports

Related Articles
Related Images
Related Videos
Related Reference Library
Most Recent Blogs
Breaking News
Space
Science
Technology
Health
CES 2013
More...
Streaming Video
YouTube Channel
Top Picks
Science
Health
More...
Images and Photos
Images of the Day
Image Galleries
Wallpapers
More...
Space Exploration
Astronomy
Human Spaceflight
Ask the Astronomer
Mars Science Laboratory
More...
Science and Research
Instruments
Calculator
Ask the Scientist
More...
Technology
Ask the Expert
Technology Reviews
More...
My Health
Health
More...
© 2002-2013 redOrbit.com. All rights reserved
All other copyrights remain the property of their respective owners