ID: IRCNE2011101272
Date: 2011-10-03
According to " thetechherald", Handset maker HTC is investigating reports of a security vulnerability that could be leveraged to expose personal information, which exists on a number of devices. Reports of the vulnerability were published on Saturday by AndroidPolice.com.
Application developer Trevor Eckheart, along with Artem Russakovskii and Justin Case, discovered the problems after an update to the Sense UI (user interface) was released by HTC. The update installed some new tools to their devices, which can be used to extract personal information simply by installing a malicious application that requires Internet permissions.
The update allows “any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads)” to access a list of user accounts on the device, including email addresses.
In addition, one can also access last known network and GPS data. Moreover, the buggy tools expose phone numbers, SMS data, and other system logs. The SMS exposure includes encoded text, but it is unknown if this data can be decrypted.
“HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we’re able to determine the accuracy of the claim.” the company said in a statement.
So far, HTC handsets such as the EVO 4G, EVO 3D, Thunderbolt, are confirmed as impacted. Moreover, the EVO Shift, future Sensation devices, and the MyTouch Slide could be affected as well.
- 2