HTC Android phones are leaking your private information and inviting malware with open arms

Posted by Knowlton Thomas on 2011-10-04 9:00:00 AM

UPDATE: HTC has released the following public statement.

HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.

HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.

The Android Police have uncovered a security flaw with HTC's pre-installed software that it injects into many of its Android-powered mobile devices.

The software is a silent background app that logs your email, phone history, GPS location, SMS data and numbers, CPU, memory, and network information, and more. This is designed to be for HTC on a need-only basis. It's also designed to be anonymous.

But the Android Police have come to discover that this is, rather unsettlingly, not the case. Resulting in a security flaw that left author Artem Russakovskii "speechless," this pre-installed software actually includes a gaping hole through which third-party apps can access your information without permission. Moreover, malware can walk right into your Android device and have a party.

Which phones are affected? The Thunderbolt, EVO 3D and 4G appear to be definitely affected, but also vulnerable may be the EVO Shift, MyTouch 4G Slide, Sensation, View 4G, and more. Really, any HTC device made within the past year or so could possess this "massive security vulnerability."

According to the Android Police, HTC originally ignored inquiries about the issue, and has only began looking into the situation after the concern went public.

Photo: GSM Dome

Similar Posts

blog comments powered by Disqus

Knowlton Thomas

Knowlton Thomas

Knowlton is the Associate Editor of Techvibes. A Vancouver-based writer and author, Knowlton has been published in national publications and has also appeared on television and radio. He has written two ebooks and more are in the works. Previously, he was an editor for New Westminster weekly The Other Press and served on its board of directors. When not working, Knowlton enjoys playing... more

Recent Comments

Powered by Disqus