Massive HTC Android Vulnerability Leaves Security Expert "Speechless" - GoFuckYourself.com

Mike Honcho · 10-02-2011, 08:54 PM

?I am quite speechless right now?, begins Artem Russakovskii over at Android Police as he posts about a ?massive? security flaw in HTC Android devices that allows malicious hackers to access phone numbers, GPS, SMS, email addresses and more.

The affected devices include EVO, 3D, 4G and Thuderbolt and apparently the flaw goes so deep that the guys at Android Police are discovering new issues with each new test or examination:

What Trevor found is only the tip of the iceberg ? we are all still digging deeper ? but currently any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on:

- the list of user accounts, including email addresses and sync status for each last known network and GPS locations and a limited previous history of locations

- phone numbers from the phone log

- SMS data, including phone numbers and encoded text (not sure yet if it?s possible to decode it, but very likely)

- system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info

Even worse, for apps that only need one type of information, like internet permissions, this vulnerability still grants access to other areas of the device (like location, logs, even battery stats, just to name a few).

Basically, it sounds as if you?re using one of these HTC Android devices, you?ve been walking around with your fly undone and a big ?eff me over? sign on your back.

The security research is ongoing and we?ll update with any fixes or security patches that get issued. The only way this gets fixed is an update from HTC itself, says the guys at A.P.

Glad Sprint is getting the IPhone 5.

BIGTYMER · 10-02-2011, 09:37 PM

I love my iPhone.

FlowerKid · 10-02-2011, 09:54 PM

Better get a Nokia with Symbian OS. Maybe it's not so sexy but seems to be secure at least.

acctman · 10-02-2011, 11:35 PM

its Android opensource free for all... why complain. you knew what you were getting prior to purchasing. sure its only HTC for now, but Google has left it up to everyone else to patch and secure Android on there handsets

Chosen · 10-03-2011, 01:44 AM

It sucks...

MrE · 10-03-2011, 02:03 AM

Im sure an update will be out pretty soon. Time to bust out my razr v3re from storage for the mean time....lol yea right

MrE

Paul&John · 10-03-2011, 02:32 AM

Quote:

Originally Posted by FlowerKid

Better get a Nokia with Symbian OS. Maybe it's not so sexy but seems to be secure at least.

Agree, it does the job

10-02-2011, 08:54 PM	#1
Mike Honcho Confirmed User Industry Role: Join Date: Aug 2007 Location: FL Posts: 1,608	Massive HTC Android Vulnerability Leaves Security Expert "Speechless" ?I am quite speechless right now?, begins Artem Russakovskii over at Android Police as he posts about a ?massive? security flaw in HTC Android devices that allows malicious hackers to access phone numbers, GPS, SMS, email addresses and more. The affected devices include EVO, 3D, 4G and Thuderbolt and apparently the flaw goes so deep that the guys at Android Police are discovering new issues with each new test or examination: What Trevor found is only the tip of the iceberg ? we are all still digging deeper ? but currently any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on: - the list of user accounts, including email addresses and sync status for each last known network and GPS locations and a limited previous history of locations - phone numbers from the phone log - SMS data, including phone numbers and encoded text (not sure yet if it?s possible to decode it, but very likely) - system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info Even worse, for apps that only need one type of information, like internet permissions, this vulnerability still grants access to other areas of the device (like location, logs, even battery stats, just to name a few). Basically, it sounds as if you?re using one of these HTC Android devices, you?ve been walking around with your fly undone and a big ?eff me over? sign on your back. The security research is ongoing and we?ll update with any fixes or security patches that get issued. The only way this gets fixed is an update from HTC itself, says the guys at A.P. Glad Sprint is getting the IPhone 5. __________________

10-02-2011, 09:54 PM	#3
FlowerKid Confirmed User Join Date: Sep 2005 Location: Zurich Posts: 1,045	Better get a Nokia with Symbian OS. Maybe it's not so sexy but seems to be secure at least. __________________

10-02-2011, 09:37 PM	#2
BIGTYMER Junior Achiever Industry Role: Join Date: Nov 2004 Location: Walled Garden Posts: 17,066	I love my iPhone.

10-02-2011, 11:35 PM	#4
acctman Confirmed User Join Date: Oct 2003 Location: Atlanta Posts: 2,840	its Android opensource free for all... why complain. you knew what you were getting prior to purchasing. sure its only HTC for now, but Google has left it up to everyone else to patch and secure Android on there handsets

10-03-2011, 01:44 AM	#5
Chosen VIPPay.com \| AdultWebSponsors.com Industry Role: Join Date: Aug 2001 Posts: 63,151	It sucks...

10-03-2011, 02:03 AM	#6
MrE Registered User Industry Role: Join Date: Sep 2011 Location: Los Angeles Posts: 69	Im sure an update will be out pretty soon. Time to bust out my razr v3re from storage for the mean time....lol yea right MrE