We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

HTC Acknowledges Security Flaw, Promises Quick Fix

The vulnerability exposes nearly all a user’s data to any app that can access the Internet from the handset.

HTC has acknowledged a security vulnerability in several of its smartphones but dodged responsibility for the flaw. The vulnerability exposes nearly all a user’s data to any app that can access the Internet from the handset.

HTC released a statement saying, “In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application."

The statement appears to skirt the issue revealed by security researchers: that modifications made by HTC to the version of Android in several of the company's smartphone models made data in the handsets easy pickings for Web-accessible apps.

Researchers found a suite of logging tolls on HTC's EVO 3D, EVO 4G, Thunderbolt and possibly its Sensation line of phones that collect a lot of information about the devices. That information could easily be accessed by practically any app. "If you, as a company, plant these information collectors on a device, you better be damn sure the information they collect is secured and only available to privileged services or the user, after opting in," one of the researchers, Artem Russakouskii, wrote at the Android Police website. That doesn't appear to be the case with these HTC tools.

In its statement, HTC cautioned malware developers about the consequences of exploiting the vulnerability. "A third-party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws," the company said.

HTC said it is "working very diligently to quickly release a security update that will resolve the issue on affected devices."

"Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it," the statement said.

Until that time, however, the company advised its customers to use caution when downloading and installing or updating apps from untrusted sources.

The researchers had an alternative suggestion for more adventurous Android users: remove HTC's logging tools from the phone. That, however, requires jailbreaking, or rooting, the phone, which voids its warranty.

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.


IDG UK Sites

Black Friday 2014 tech deals UK Live: Best Black Friday deals from Apple, Amazon, Argos, eBay,...

IDG UK Sites

Black Friday feeding frenzy infects the UK

IDG UK Sites

VAT MOSS: Will I be affected by the EU VAT changes? Here are the facts for designers and artists

IDG UK Sites

Black Friday 2014 UK: Apple deals, Amazon deals & Black Friday tech offers