Printed from http://www.electronista.com

HTC Android phones allegedly face gaping privacy exploit

updated 12:50 pm EDT, Sun October 2, 2011

HTC may slip personal, device data in major bug

An investigation may have revealed a major security exploit in HTC's Android phones. The look, by Android Police and custom firmware maker Trevor Eckhart, alleges that HTC's most recent custom Sense UI interface has logging tools such as HTCLogger that insecurely collect private data. Any app that requires basic Internet permission can technically have access to account information, phone numbers, text messages, and even precise device information such as processor and memory details, installed apps, and location.

The logging tools themselves have their own extensive command systems, but no login checks. They use root-level privileges to try and send out certain kinds of features, the researchers checked. HTC even has a VNC client in its installs that could theoretically be used to remotely access the phone itself if the device was compromised.

Phones known to include the code in question are headlining phones such as the Evo 3D, Evo 4G, and Thunderbolt. Other phones, such as the myTouch 4G Slide, the Sensation, and even future phones like the Vigor, might also be susceptible.

HTC was reportedly contacted about the flaw more than a week ago to privately disclose the problems before an attempt but hasn't responded so far. It may be investigating the issue but hasn't confirmed this.

While it remains possible that the actual susceptibility of the logs to the attack is being overstated, the discovery if substantiated could leave a large portion of Android itself open to privacy violations. Google itself tends to require consent before information leaves a device, but its willingness to let third parties customize the underlying code lets its hardware partners potentially create security exploits and privacy concerns that didn't exist before. Apple doesn't offer freedom to customize the code on iOS but, as it controls the whole process, also can't be undermined by a third party.





By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. slapppy

    Fresh-Faced Recruit

    Joined: Mar 2008

    +3

    Wow

    That sucks for Android users. lol

  1. Geoduck

    Junior Member

    Joined: Jan 2010

    -4

    Sounds familiar

    "HTC's most recent custom Sense UI interface has logging tools such as HTCLogger that insecurely collect private data. Any app that requires basic Internet permission can technically have access to account information, phone numbers, text messages, and even precise device information such as processor and memory details, installed apps, and location."

    Wasn't that same thing Apple got crucified for last year. As it's not Apple this bug will be quietly fixed and nobody will have a fit or file suit.

  1. msuper69

    Professional Poster

    Joined: Jan 2000

    +5

    No thanks!

    Android is way too open. Anybody can write malicious code and nobody vets the code before users download and install. I'll take Apple's approach.

  1. UmarOMC

    Fresh-Faced Recruit

    Joined: Aug 2001

    0

    This is HORRIBLE

    Can't say much else...

  1. SockRolid

    Forum Regular

    Joined: Jan 2010

    +1

    Yay open!

    This is what happens when you let hardware manufacturers diddle with an OS.

    And exactly how much is HTC paying Microsoft to license the patents that Android infringes? Might be more cost effective to just license a professionally developed mobile OS instead. LIke oh, I dunno, maybe Windows Phone 7?

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -1

    and...

    any iPhone app has complete access to your address book without prompting and send it out. Oh, but that's a design 'feature', so it's OK.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Patriot Supersonic Rage XT 128GB USB drive

USB thumb drives are getting larger by the day, their growth speeding along with the availability and expansion of memory chips. But h ...

Crucial MX100 256GB SATA-3 SSD

While the price-per-gigabyte ratio for magnetic platter-based hard drives can't be beat, the speed that a SSD brings to the table for ...

Narrative Clip

With the advent of social media technology, people have been searching for new ways to share the events of their daily lives -- be it ...

Sponsor

toggle

Most Commented

 
toggle

Popular News