The Tech Herald

HTC fixes Android data leak vulnerability - users told to update

by Steve Ragan - Oct 26 2011, 14:00

HTC has delivered on a promise to fix a data leak vulnerability discovered earlier this month. The patch, which is being delivered Over-The-Air to T-Mobile and Sprint subscribers, is an encouraged update for all customers.

Earlier this month, application developer Trevor Eckheart, along with Artem Russakovskii and Justin Case, initially discovered the problems after an update to the Sense UI (user interface) was released by HTC.

The update installed some new tools to their devices, which can be used to extract personal information simply by installing a malicious application that requires Internet permissions.

It allows any Android application that connects to the Web or shows ads to access a list of user accounts on the device, including email addresses and sync status. In addition, one can also access last known network and GPS data, along with a limited previous history of locations.

Moreover, the buggy tools expose phone numbers, SMS data, and other system logs. The SMS exposure includes encoded text, but it is unknown if this data can be decrypted. Also of note is the installation of 'androidvncserver'. As the name suggests, HTC has placed a VNC application on devices, but with no explanation as to why.

Sprint worked closely with HTC after reports emerged of a potential issue that could allow malicious third-party apps to compromise data on Android devices made by HTC. We urge all users to install the update promptly, the company said.

Additional information on the Sprint patches can be seen here. The update covers those using the EVO 4G, 3D, Shift 4G, Design 4G, View 4G, and HTC Wildfire S devices.

T-Mobile is also pushing updates for myTouch 4G Slide and G2 devices. Thunderbolt updates are packed inside the Gingerbread installation being pushed by Verizon. For those who have not seen the OTA updates, you can attempt a manual update by going to:

Settings - System updates - HTC software update - Check Now.

 

Around the Web

Comment on this Story

comments powered by Disqus

From Autosaur.com

Lamborghini Aventador LP 700-4 Pirelli Edition

Lamborghini have unveiled a special Aventador LP 700-4 Pirelli Edition to celebrate the...

Miami Formula E Tickets On Sale Now

Tickets for the first US race in the Formula E calendar — Miami — are on sale now.The ePrix&...

Our Most Popular Car Games Of 2014

It’s that time of year when we take stock of where we’re at and button down the hatches over...

Monster Truck World Speed Record Broken By The Raminator

The monster truck speed record has been broken by road-going goliath The Raminator.The truck...

Car Games Update – December 2014

Our car games section is constantly growing and becoming more popular by the day. Over the p...