We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

HTC Investigates Reports of Vulnerability in Android Phones

On the heels of researchers claiming a massive vulnerability, HTC now says it will investigate

Revelations by researchers over the weekend that several HTC Android phone models contain a "massive security vulnerability" are being examined by the mobile handset maker.

In a statement released to the media, HTC said, "HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible."

"We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken," it added.

The vulnerability affects HTC EVO 3D, EVO 4G, Thunderbolt and possibly its Sensation line, according to researchers, Trevor Eckhart, Artem Russakouskii and Justin Case.

Eckhart, who initially discovered the security hole, attributed it to modifications HTC made to the version of Android used in those phone models. Those modifications allow any program on a phone with Internet access to have access to almost all data on the device.

The researchers alerted HTC to the vulnerability on September 24, but when they received no response from the company for five days, they went public with their discovery September 30.

One way to close the vulnerability is to delete a system file named htcloggers, but to do that, a user needs to jailbreak, or "root," their phone, which could void its warranty. Short of that, the researchers recommended that users be careful about the apps they download until HTC fixes the problem.

That shouldn't be too difficult, according to Rik Ferguson, director of security research and communications at Trend Micro. "It sounds like something very simple to patch," he told the BBC.

"They didn't anticipate that kind of information would be of interest," he added. "It's a lack of foresight rather than lax programming, I think. It should be something relatively easy to fix."

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.

IDG UK Sites

Acer Aspire R11 review: Hands-on with the 360 laptop and tablet convertible

IDG UK Sites

Apple Watch release day: Twitter reacts

IDG UK Sites

See how Framestore created a shape-shifting, oil and metal based creature for Shell

IDG UK Sites

Apple Watch buying guide, price list & where to buy today: Which Apple Watch model, size, material,?......