The Tech Herald

HTC fixes Android data leak vulnerability - users told to update

by Steve Ragan - Oct 26 2011, 14:00

HTC has delivered on a promise to fix a data leak vulnerability discovered earlier this month. The patch, which is being delivered Over-The-Air to T-Mobile and Sprint subscribers, is an encouraged update for all customers.

Earlier this month, application developer Trevor Eckheart, along with Artem Russakovskii and Justin Case, initially discovered the problems after an update to the Sense UI (user interface) was released by HTC.

The update installed some new tools to their devices, which can be used to extract personal information simply by installing a malicious application that requires Internet permissions.

It allows any Android application that connects to the Web or shows ads to access a list of user accounts on the device, including email addresses and sync status. In addition, one can also access last known network and GPS data, along with a limited previous history of locations.

Moreover, the buggy tools expose phone numbers, SMS data, and other system logs. The SMS exposure includes encoded text, but it is unknown if this data can be decrypted. Also of note is the installation of 'androidvncserver'. As the name suggests, HTC has placed a VNC application on devices, but with no explanation as to why.

“Sprint worked closely with HTC after reports emerged of a potential issue that could allow malicious third-party apps to compromise data on Android devices made by HTC. We urge all users to install the update promptly,” the company said.

Additional information on the Sprint patches can be seen here. The update covers those using the EVO 4G, 3D, Shift 4G, Design 4G, View 4G, and HTC Wildfire S devices.

T-Mobile is also pushing updates for myTouch 4G Slide and G2 devices. Thunderbolt updates are packed inside the Gingerbread installation being pushed by Verizon. For those who have not seen the OTA updates, you can attempt a manual update by going to:

Settings - System updates - HTC software update - Check Now.

 

Comment on this Story

comments powered by Disqus

From Autosaur.com

Lucky Escape from Out of Control Truck

This man had a lucky escape on a New Jersey Turnpike when he had to stop on the road du...

Concept Car Videos from Detroit Auto Show

As at every big car show manufacturers at the Detroit Auto Show 2015 were keen to give us th...

Concept Car Pictures from Detroit Auto Show

Well we still had a few pics from the in Detroit Auto Show to put up. These are some of...

Nissan #withdad Super Bowl Commercial Teaser

Nissan have revealed the first glimpse of their #withdad Super Bowl commercial set to s...

This Is What A Horror 150-Car Pile-up In Snow Looks Like (VIDEO)

This incredible footage shows the terrifying unfolding of a massive 150-car pile-up tha...