TechUK and MPs debate the future of digital Britain live: News, pictures and analysis

Feedback

HTC Android phones holed

MobileNews
, 03 Oct 2011News

Some Android smartphones made by HTC are collecting and storing user data in such a way as to make them vulnerable to virtually anyone who cares to look.

The vulnerability first described by Trevor Eckhart afflicts a number of HTC phones and gives would-be attackers access to such personal information as email addresses and phone numbers, text message and location-based data through Internet-connected apps installed on the devices. Phones thus far found to be vulnerable are  Evo 3D, the Evo 4G and the Thunderbolt

Researchers Artem Russakovskii and Justin Case joined Eckhart in investigating and documenting the flaw here.

According to them, HTC introduces collects 'lots' of information. but fails to properly protect it.

Any app on affected devices that requests a single android.permission.INTERNET can gain access to the list of user accounts, including "email addresses; the last known network and GPS locations and a limited previous history of locations; phone numbers from the phone log; SMS data, including phone numbers and encoded text and system logs which include everything your running apps do and is likely to include email addresses, phone numbers, and other private info."

HTC said it is investigating the claims.

Topics
blog comments powered by Disqus