HTC EVO 3D, EVO 4G, Thunderbolt, Vigor (& More) Affected by Significant Android Security Vulnerability?
![HTC EVO 3D, EVO 4G, Thunderbolt, Vigor (& More) Affected by Significant Android Security Vulnerability? [New Android Potential Hack Discovered, Does HTC Keep Logs of Contacts, GPS, SMS (& More) Which Hackers Can Easily Access?]](http://tftscdn3.nexus404.com/Blog/thumbnailimages/alt/Android-logo-with-HTC-Logo-and-monsterTFTSThumb220153.jpg){kind=logo}
Should we really be surprised to hear there’s another Android security vulnerability in the wild? This time around it’s an issue that seems to affect only HTC Android handsets, so if you don’t happen to own one such device then you’re probably safe, at least until the next security expert starts further exploring with the OS.
The “massive” Android security vulnerability, as reported by Android Police, affects various popular HTC handsets including the HTC EVO 3D, the HTC EVO 4G, the Thundebolt, the EVO Shift 4G, the myTouch 4G Slide, various Sensation models and even the unreleased Vigor.
What is the problem you ask? Well it looks like HTC is logging information, “LOTS” of information, even after the user opts out of such logging, and fails to store it securely. Therefore clever hackers interested in getting a hold of your contacts, GPS details, SMS, email addresses and other details, may be able to easily collect them after getting your device.
According to the available research, any app running on HTC devices and requesting “android.permission.INTERNET,” which is what any free app that shows ads would do, can access the following:
• the list of user accounts, including email addresses and sync status for each
• last known network and GPS locations and a limited previous history of locations
• phone numbers from the phone log
• SMS data, including phone numbers and encoded text (not sure yet if it’s possible to decode it, but very likely)
• system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info
The HTCLoggers.apk will apparently fork over all this data, and much more on top of it, to anyone clever enough to find his or her way to it. In fact there’s not even a user/password layer of defense set up, at least not yet.
HTC is yet to send out an official word on this critical security matter, and I expect they will try to explain everything. In the mean time rooting your phone is the best way to go to delete the application mentioned above. Of course, on the other hand not every hacker out there is going out of their way to get your sensitive details, are they?
Trevor Eckhart, the guy that discovered the security vulnerability and who created a proof of concept application (demoed in the video above) has contacted HTC about the issue since discovering it on September 24. But it seems HTC didn’t care to really respond. So let’s see what happens come Monday morning! Because Tuesday someone, somewhere, on a certain stage, may poke HTC for allowing such a thing to happen. Although, in HTC’s defense, someone also used to track users locations by mistake as revealed a few months ago.
Credit: Source.Researcher Says Malicious Hackers Could Easily Control GSM Phones Remotely to Make Them Send Texts & Make Calls
New Reports Say Developers Have Access to iOS Address Book Because Apple Is Not Preventing Such a “Feature”
U.S. Congress Sends Letter to Apple Asking How & Why Developers Can Access Personal Data via Their iOS Apps
Security Flaw In iOS 5 Difficult To Actually Use, But If Done Properly Opens Up Your Contacts List & More To Prying Eyes
Google’s Executive Chairman Tries to Fend Off Android Fragmentation Issues, We’re Not That Easily Fooled
1 Comment / Add Your Response?
Breaking News
The TFTS Team
This is why you root and run ROMS. Take this crap (& all the crap OS’s put on these phones). The ROM / Hacker cimmunity produce a much better product than any of the manufacturers or carriers ever will.