Printed from http://www.electronista.com

HTC Android phones allegedly face gaping privacy exploit

updated 12:50 pm EDT, Sun October 2, 2011

HTC may slip personal, device data in major bug

An investigation may have revealed a major security exploit in HTC's Android phones. The look, by Android Police and custom firmware maker Trevor Eckhart, alleges that HTC's most recent custom Sense UI interface has logging tools such as HTCLogger that insecurely collect private data. Any app that requires basic Internet permission can technically have access to account information, phone numbers, text messages, and even precise device information such as processor and memory details, installed apps, and location.

The logging tools themselves have their own extensive command systems, but no login checks. They use root-level privileges to try and send out certain kinds of features, the researchers checked. HTC even has a VNC client in its installs that could theoretically be used to remotely access the phone itself if the device was compromised.

Phones known to include the code in question are headlining phones such as the Evo 3D, Evo 4G, and Thunderbolt. Other phones, such as the myTouch 4G Slide, the Sensation, and even future phones like the Vigor, might also be susceptible.

HTC was reportedly contacted about the flaw more than a week ago to privately disclose the problems before an attempt but hasn't responded so far. It may be investigating the issue but hasn't confirmed this.

While it remains possible that the actual susceptibility of the logs to the attack is being overstated, the discovery if substantiated could leave a large portion of Android itself open to privacy violations. Google itself tends to require consent before information leaves a device, but its willingness to let third parties customize the underlying code lets its hardware partners potentially create security exploits and privacy concerns that didn't exist before. Apple doesn't offer freedom to customize the code on iOS but, as it controls the whole process, also can't be undermined by a third party.





By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. slapppy

    Fresh-Faced Recruit

    Joined: Mar 2008

    +3

    Wow

    That sucks for Android users. lol

  1. Geoduck

    Junior Member

    Joined: Jan 2010

    -4

    Sounds familiar

    "HTC's most recent custom Sense UI interface has logging tools such as HTCLogger that insecurely collect private data. Any app that requires basic Internet permission can technically have access to account information, phone numbers, text messages, and even precise device information such as processor and memory details, installed apps, and location."

    Wasn't that same thing Apple got crucified for last year. As it's not Apple this bug will be quietly fixed and nobody will have a fit or file suit.

  1. msuper69

    Professional Poster

    Joined: Jan 2000

    +5

    No thanks!

    Android is way too open. Anybody can write malicious code and nobody vets the code before users download and install. I'll take Apple's approach.

  1. UmarOMC

    Fresh-Faced Recruit

    Joined: Aug 2001

    0

    This is HORRIBLE

    Can't say much else...

  1. SockRolid

    Forum Regular

    Joined: Jan 2010

    +1

    Yay open!

    This is what happens when you let hardware manufacturers diddle with an OS.

    And exactly how much is HTC paying Microsoft to license the patents that Android infringes? Might be more cost effective to just license a professionally developed mobile OS instead. LIke oh, I dunno, maybe Windows Phone 7?

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -1

    and...

    any iPhone app has complete access to your address book without prompting and send it out. Oh, but that's a design 'feature', so it's OK.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

Cambridge Audio DacMagic XS

Every computer with a microphone or headphone port has one -- a digital to analog converter (DAC). There are nearly as many chipsets a ...

Sponsor

toggle

Most Commented

 
toggle

Popular News