Gadgets3.10.2011

Warning! HTC Android security vulnerability revealed

Summary: A security vulnerability in HTC Android devices reported by Android Police does not seem to affect all their mobile phones equally, and remains unconfirmed by HTC.

Over the weekend, Android Police reported that they have discovered a security vulnerability in HTC Android devices, which they said they tested and confirmed on the HTC Evo, HTC Evo 3D, and HTC Thunderbolt.

According to Android Police, Trevor Eckhart discovered the vulnerability and also wrote an open source proof of concept application to showcase his findings.

Two users reported that they downloaded the app and saw the vulnerability in action on their HTC Sensation Android smartphones. One specified that he had an HTC Sensation from T-Mobile.

We also tested the vulnerability on our HTC Sensation that we got through local distributor Leaf International Communications.

The app downloads, installs and runs, but displays an error and doesn’t allow you to edit any of the fields.

Other commenters on Android Police have reported the same behaviour on their devices, including one other Sensation user, which could indicate that the vulnerability may not affect all devices of a particular model.

Asked to confirm whether the vulnerability affected any devices sold in South Africa, HTC’s official distributors, Leaf International Communications, said they didn’t have specific information yet and provided the following statement:

“HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.”

Update 2011-10-04 (10h21): Leaf have provided the following statement from HTC.

“HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.

HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.”

Show comments

Latest news

More news

Trending news

Poll

If you were in the market for a portable Bluetooth speaker, which brand would you choose?

View Results

Loading ... Loading ...
Sign up to the MyBroadband newsletter