UPDATED 14:02 EDT / OCTOBER 03 2011

HTC Looks into Security Flaw Discovered by a Blogger

Not too long ago, a blogger discovered a security flaw in some of HTC’s mobile phones: the EVO 3D, EVO 4G, Thunderbolt, and possibly the Sensation. The phones hold a user’s GPS location and e-mail addresses, which are accessible to anyone granted Internet permission. No login or password is required.

“HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible,” the company said in a statement. “We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.”

The file accessible through Internet sharing permission is called HtcLoggers.apk, which contains a good deal of personal info. This includes:

• The list of user accounts, including email addresses
• A log of recent GPS locations
• Phone numbers taken from recent call logs
• SMS data, including recent numbers and encoded messages
• Active notifications in the notification bar, including notification text
• Build number, bootloader version, radio version, kernel version
• Network info, including IP addresses
• Full memory info
• CPU info
• File system info and free space on each partition
• Running processes
• Current snapshot/stacktrace of not only every running process but every running thread
• List of installed apps, including permissions used, user ids, versions, and more
• System properties/variables
• Currently active broadcast listeners and history of past broadcasts received
• Currently active content providers
• Battery info and status, including charging/wake lock history

Trend Micro’s Rik Ferguson believes that the issue is not particularly difficult to solve and can be fixed in no time.

“It sounds like something very simple to patch,” he told the BBC.
“They didn’t anticipate that kind of information would be of interest. It’s a lack of foresight rather than lax programming, I think. It should be something relatively easy to fix.”

HTC’s not the first. Earlier this year, Apple faced Congress because of a similar concern. Apple was storing location data without users’ consent and fixed the issue with the iOS 4.3.3 Software Update. Android has had its share of class-action lawsuits as well for the same reason. The difference between the two, however, is that Apple’s devices store the information but don’t send it to Apple. Android, meanwhile, does. These issues boil down to the fact that GPS is a problem, and not knowing your privacy settings will only add to the injury.

