Massive HTC Android Vulnerability Leaves Security Expert "Speechless"

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Mike Honcho
    Confirmed User
    • Aug 2007
    • 1608

    #1

    Massive HTC Android Vulnerability Leaves Security Expert "Speechless"



    ?I am quite speechless right now?, begins Artem Russakovskii over at Android Police as he posts about a ?massive? security flaw in HTC Android devices that allows malicious hackers to access phone numbers, GPS, SMS, email addresses and more.

    The affected devices include EVO, 3D, 4G and Thuderbolt and apparently the flaw goes so deep that the guys at Android Police are discovering new issues with each new test or examination:

    What Trevor found is only the tip of the iceberg ? we are all still digging deeper ? but currently any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on:

    - the list of user accounts, including email addresses and sync status for each last known network and GPS locations and a limited previous history of locations

    - phone numbers from the phone log

    - SMS data, including phone numbers and encoded text (not sure yet if it?s possible to decode it, but very likely)

    - system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info

    Even worse, for apps that only need one type of information, like internet permissions, this vulnerability still grants access to other areas of the device (like location, logs, even battery stats, just to name a few).

    Basically, it sounds as if you?re using one of these HTC Android devices, you?ve been walking around with your fly undone and a big ?eff me over? sign on your back.

    The security research is ongoing and we?ll update with any fixes or security patches that get issued. The only way this gets fixed is an update from HTC itself, says the guys at A.P.

    Glad Sprint is getting the IPhone 5.
  • BIGTYMER
    Junior Achiever
    • Nov 2004
    • 17066

    #2
    I love my iPhone.

    Comment

    • FlowerKid
      Confirmed User
      • Sep 2005
      • 1045

      #3
      Better get a Nokia with Symbian OS. Maybe it's not so sexy but seems to be secure at least.

      Comment

      • acctman
        Confirmed User
        • Oct 2003
        • 2840

        #4
        its Android opensource free for all... why complain. you knew what you were getting prior to purchasing. sure its only HTC for now, but Google has left it up to everyone else to patch and secure Android on there handsets

        Comment

        • Chosen
          • Aug 2001
          • 63151

          #5
          It sucks...

          Comment

          • MrE
            Registered User
            • Sep 2011
            • 69

            #6
            Im sure an update will be out pretty soon. Time to bust out my razr v3re from storage for the mean time....lol yea right



            MrE

            Comment

            • Paul&John
              Confirmed User
              • Aug 2005
              • 8643

              #7
              Originally posted by FlowerKid
              Better get a Nokia with Symbian OS. Maybe it's not so sexy but seems to be secure at least.
              Agree, it does the job
              Use coupon 'pauljohn' for a $1 discount at already super cheap NameSilo!
              Anal Webcams | Kinky Trans Cams Live | Hotwife XXX Tube | Get your Proxies here

              Comment

              Working...