HTC promises over-the-air vulnerability patch
By Tom Brewster,
HTC has responded to reports of a security vulnerability in its Android devices by promising to release an over-the-air patch to be delivered by carriers.
The Android Police released information about a flaw which allowed malicious apps to potentially access data including email addresses, GPS locations and phone numbers from users.
It affected any app on affected devices requesting a single android.permission.INTERNET - which is standard procedure for any app that connects to the web or displays ads. That includes hugely popular apps such as Angry Birds.
This app is capable of collecting all kinds of data.
The Android Police said the flaw resided in a logging tool HTC introduced to some of its devices recently, known as HtcLoggers.apk.
“This app is capable of collecting all kinds of data ... and then provide it to anyone who asks for it by opening a local port,” the Android Police said.
“Yup, not just HTC, but anyone who connects to it, which happens to be any app with the INTERNET permission. Ironically, because a given app has the INTERNET permission, it can also send all the data off to a remote server.”
Now HTC has promised to plug the security hole, admitting a malicious app could be created to exploit the vulnerability. The manufacturer said the flaw would do “no harm to customers’ data,” however.
“So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability,” HTC said.
“HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it.”
A host of HTC phones appear to be affected, including the EVO 4G, EVO 3D and the Thunderbolt.
Android phones have increasingly become a target for cyber criminals. An email-stealing Android app will most likely be seen before the end of the year, a security expert recently told IT Pro.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
