Skip to main content

Android Based HTC Smartphones Have Major Security Vulnerability, Details Disclosed

Security researchers have discovered a ‘massive’ flaw in some Android based smartphones manufactured by HTC.

Security experts Trevor Eckhart, Artem Russakouskii, and Justin Case have discovered a flaw which allows any application, which has been given the permission to access the internet, to access a plethora of user information like email addresses, GPS location and even text messages. According to the experts, EVO 3D, EVO 4G, Thuderbolt and possible the Sensation range of smartphones may be affected with this vulnerability.

According to PC World (opens in new tab), the researchers claimed that they had alerted the Taiwanese smartphone maker about the flaw on September 24 and went public with their discovery after the company failed to respond them for 5 days.

The flaw has its root in software modifications HTC made to its EVO and Thunderbolt smartphones. The modifications made to the Android software were in the form of certain logging tools.

“If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in,” wrote Artem Russakouskii in a blog post.

“Normally, applications get access to only what is allowed by the permissions they request, so when you install a simple, innocent-looking new game from the [Android] Market that only asks for the INTERNET permission (to submit scores online, for example), you don't expect it to read your phone log or list of e-mails,” he added.

Further information can be obtained from here (opens in new tab).

Ravi Mandalia

Ravi Mandalla was ITProPortal's Sub Editor (and a contributing writer) for two years from 2011. Based in Ahmedabad, India, Ravi is now the owner and founder of Parity Media Pvt. Ltd., a news and media company, which specializes in online publishing, technology news and analysis, reviews, web site traffic growth, web site UI. Ravi lists his specialist subjects as: Enterprise, IT, Technology, Gadgets, Business, High Net Worth Individuals, Online Publishing, Advertising, Marketing, Social Media, News, Reviews, Audio, Video, and Multi-Media. He has also previously worked as Dy. Manager - IT Security at (n)Code Solutions.