Monday, October 3, 2011

Security flaw in HTC Android smartphones



Story by Jacob Aron on
http://www.newscientist.com/blogs/onepercent/2011/10/security-flaw-exposed-in-htc-a.html

Malicious apps can gain access to personal data stored on some Android smartphones made by Taiwanese firm HTC, say security researchers writing on the Android Police blog. Any app with permission to access the internet - which includes most ad-supported apps - can read off data including email addresses, location history and call logs. Affected models include the HTC EVO 3D, EVO 4G and Thunderbolt, say the researchers.

The data is gathered by an app called HtcLoggers. It was designed by HTC to log information for troubleshooting purposes, but it turns out that anyone can access the information without the need for a password or any other protection. "It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door," say the researchers.

HTC has issued the following statement in response to the claimed vulnerability: "HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."

Until then, users who have "rooted" their phone (modifying the operating system to provide greater access to the device) can delete the HtcLoggers app, while those with unmodified phones should avoid downloading any suspicious apps that could be taking advantage of this security flaw.

No comments:

Post a Comment