Security researchers have discovered a ‘massive’ flaw in some Android based smartphones manufactured by HTC.
Security experts Trevor Eckhart, Artem Russakouskii, and Justin Case have discovered a flaw which allows any application, which has been given the permission to access the internet, to access a plethora of user information like email addresses, GPS location and even text messages. According to the experts, EVO 3D, EVO 4G, Thuderbolt and possible the Sensation range of smartphones may be affected with this vulnerability.
According to PC World, the researchers claimed that they had alerted the Taiwanese smartphone maker about the flaw on September 24 and went public with their discovery after the company failed to respond them for 5 days.
The flaw has its root in software modifications HTC made to its EVO and Thunderbolt smartphones. The modifications made to the Android software were in the form of certain logging tools.
“If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in,” wrote Artem Russakouskii in a blog post.
“Normally, applications get access to only what is allowed by the permissions they request, so when you install a simple, innocent-looking new game from the [Android] Market that only asks for the INTERNET permission (to submit scores online, for example), you don't expect it to read your phone log or list of e-mails,” he added.
Further information can be obtained from here.