The Tech Herald

HTC fixes Android data leak vulnerability - users told to update

by Steve Ragan - Oct 26 2011, 14:00

HTC has delivered on a promise to fix a data leak vulnerability discovered earlier this month. The patch, which is being delivered Over-The-Air to T-Mobile and Sprint subscribers, is an encouraged update for all customers.

Earlier this month, application developer Trevor Eckheart, along with Artem Russakovskii and Justin Case, initially discovered the problems after an update to the Sense UI (user interface) was released by HTC.

The update installed some new tools to their devices, which can be used to extract personal information simply by installing a malicious application that requires Internet permissions.

It allows any Android application that connects to the Web or shows ads to access a list of user accounts on the device, including email addresses and sync status. In addition, one can also access last known network and GPS data, along with a limited previous history of locations.

Moreover, the buggy tools expose phone numbers, SMS data, and other system logs. The SMS exposure includes encoded text, but it is unknown if this data can be decrypted. Also of note is the installation of 'androidvncserver'. As the name suggests, HTC has placed a VNC application on devices, but with no explanation as to why.

“Sprint worked closely with HTC after reports emerged of a potential issue that could allow malicious third-party apps to compromise data on Android devices made by HTC. We urge all users to install the update promptly,” the company said.

Additional information on the Sprint patches can be seen here. The update covers those using the EVO 4G, 3D, Shift 4G, Design 4G, View 4G, and HTC Wildfire S devices.

T-Mobile is also pushing updates for myTouch 4G Slide and G2 devices. Thunderbolt updates are packed inside the Gingerbread installation being pushed by Verizon. For those who have not seen the OTA updates, you can attempt a manual update by going to:

Settings - System updates - HTC software update - Check Now.

 

Around the Web

Comment on this Story

comments powered by Disqus

From Autosaur.com

NBA All-Star LeBron James Teams with Kia

NBA All-Star LeBron James has signed a deal with Kia to be the company’s first luxury ambass...

Classic Car Buying Guide: Hillman Super Minx

What to look for when buying a Classic Car: We use The Hillman Super Minx as an example What...

A Guy Let His Wife Loose With A Sharpie On His Car. What She Did Will Blow Your Mind.

This guy let his wife loose with a sharpie on his Nissan Skyline R33 GTR — and the result is...

2015 Nissan Armada Prices

Nissan has released pricing details for the 2015 Nissan Armada in the US. The 2015 Nissan Ar...

Aquaplaning Danger Highlighted in Video

This UK video highlights the dangers of aquaplaning. When you drive your car over some sitti...