The Tech Herald

HTC fixes Android data leak vulnerability - users told to update

by Steve Ragan - Oct 26 2011, 14:00

HTC has delivered on a promise to fix a data leak vulnerability discovered earlier this month. The patch, which is being delivered Over-The-Air to T-Mobile and Sprint subscribers, is an encouraged update for all customers.

Earlier this month, application developer Trevor Eckheart, along with Artem Russakovskii and Justin Case, initially discovered the problems after an update to the Sense UI (user interface) was released by HTC.

The update installed some new tools to their devices, which can be used to extract personal information simply by installing a malicious application that requires Internet permissions.

It allows any Android application that connects to the Web or shows ads to access a list of user accounts on the device, including email addresses and sync status. In addition, one can also access last known network and GPS data, along with a limited previous history of locations.

Moreover, the buggy tools expose phone numbers, SMS data, and other system logs. The SMS exposure includes encoded text, but it is unknown if this data can be decrypted. Also of note is the installation of 'androidvncserver'. As the name suggests, HTC has placed a VNC application on devices, but with no explanation as to why.

“Sprint worked closely with HTC after reports emerged of a potential issue that could allow malicious third-party apps to compromise data on Android devices made by HTC. We urge all users to install the update promptly,” the company said.

Additional information on the Sprint patches can be seen here. The update covers those using the EVO 4G, 3D, Shift 4G, Design 4G, View 4G, and HTC Wildfire S devices.

T-Mobile is also pushing updates for myTouch 4G Slide and G2 devices. Thunderbolt updates are packed inside the Gingerbread installation being pushed by Verizon. For those who have not seen the OTA updates, you can attempt a manual update by going to:

Settings - System updates - HTC software update - Check Now.

 

Around the Web

Comment on this Story

comments powered by Disqus

From Autosaur.com

Car Games Update August 30th

We have added a few new games to the car games section of Autosaur. First up is the Car Eats...

2015 Toyota Tundra TRD Pro Prices

Toyota have announced prices for their 2015 Tundra TRD Pro, based on the Tundra it includes ...

2015 Toyota Tundra TRD Pro Pictures

Toyota recently announced prices for the 2015 Toyota Tundra TRD Pro. We have added some...

2015 Dodge Challenger Mopar Challenger Drag Pak Pictures

Mopar have been showing off their 2015 Mopar Challenger Drag Pak test vehicle at the Nationa...

Ford Customers Test 2015 F-150

Ford have selected four customers from the 15,000 who applied to be first to test the latest...