HTC Android security vulnerability revealed

No, the problem is HTC is logging a lot of information that shouldn't be let loose. I took a quick look through the logs and found my email address, phone number, Facebook account, Twitter account and a list of all apps installed on my phone. There was more info in the log, but I had seen enough to convince me that it was something I needed to fix ASAP. This means all this info could be swiped by a rogue app using the same technique and I'd rather not give them the opportunity.
 
Sorry, I'm a little confused. You were able to run the PoC app and your Desire HD was vulnerable, then you changed something and it is no longer vulnerable... Is that correct? If so, what did you change?

Correct, followed instructions in that link to xda. Basically they removed the offending logger service.
 
Lucky I flashed with MIUI ages ago so no logging service :)

I guess most of the Sense custom ROMs will be fixing their zips within this week. As for what HTC is gonna do, I would love to see how long it takes for a fix on stock ROMs.

Another reason to root and flash.
 
Hectic... So the logger service was in a third-party ROM?

Android Revolution HD is based on the stock HTC ROM. So it was probably just an oversight that it wasn't removed. As Elementals said, I'm sure all Sense-based ROMs that have yet to remove it will do so very soon.
 
I just received this updated statement from Leaf:

"HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.

HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources."

Updating the article now...
 
Great marketing for CarrierIQ. While it's cool that none of the SA boys are using it (from a consumer privacy point of view), I can promise you it's not because of a moral high ground taken by the operators. You can bet your bottom dollar that it's now on their radar for evaluation. Who wouldn't want a 30% reduction in deployment costs? ;)
 