Yep I haven’t been around in awhile. But today’s blogging starts out with this little ppiece of information about a security leak in HTC android phones. Here’s the article in it’s entirety. and all I gotta say is smooth move, HTC.
HTC Phones Suffer Major Security Exploit
Latest Update Provides Easy Access to Personal Data
by Karl Bode
The folks over at Android Police note that several HTC model smartphones suffer from a rather major security exploit that can give a hacker access to personal information, e-mail addresses, and your location. The vulnerability is part of HTC’s Sense UI and affects several popular HTC phones, including the EVO 4G, EVO 3D, Thunderbolt, EVO Shift 4G, MyTouch 4G Slide, and several more. The problem began with a recent HTC update that introduced a suite of logging tools that creates a HTCLoggers.apk file accessible by any app with Internet permissions. That provides easy outside access to:
•The list of user accounts, including email addresses and sync status for each last known network and GPS locations and a limited previous history of locations phone numbers from the phone log.
•SMS data, including phone numbers and encoded text (not sure yet if it’s possible to decode it, but very likely).
•System logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, and phone numbers.
HTC was contacted on September 24th but has yet to comment on the vulnerability. “In my experience, lighting fire under someone’s ass in public makes things move a whole lot faster, which is why responsible disclosure is a norm in the security industry,” notes the website. Only stock phone firmware is impacted — users who have modified their Android HTC devices to run CyanogenMod are not impacted.
Update HTC is telling news outlets they’re “investigating” the security flaw.
according to further research, this issue only effects factory firmware for the android.
We’ll see what HTC does about this in the coming days.