A security flaw was found over the weekend specifically, in regards to HTC’s software found in all their Android devices with their Sense UI. We posted the news earlier today and HTC was quick to respond saying they would look into it. True to their word, after taking a look at the data, they have confirmed the security hole and will begin working with carriers to release an OTA update to patch everything up. HTC issued this statement:
HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.
HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.
The security flaw essentially makes it possible for a malicious app to gain the private information HTC logs, like your coordinates, user account information and system logs. If you thought HTC would drag their feet in dealing with this potentially big issue — well you were wrong. Now we just have to see how well carriers will work with the company in pushing out a speedy update.
[Via Engadget]
This is a big test for the carriers to see how quickly they can roll this update out once it’s released by HTC. I don’t know of any vulnerability previously discovered for Android phones (made by HTC or anyone else) that allows assess to such sensitive data so easily. Very poor form on HTC’s part for not securing this data more carefully. That’s even assuming that they needed to collect most of it in the first place, eg. why log/transmit full phone numbers for troubleshooting? Why not just country code + area code + xxxxx?
stfu, go troll somewhere else, everyone makes mistakes, its about reaction time to resolve the issue, and to no surprise at all to most loyal HTC consumers, HTC quickly nipped this issue in the bud, n if u weren’t so retarded, u would know that certain data is needed to better serve the individual consumer per handset, but they aren’t like apple, if u pay attention, when ur setting up ur htc phone, it asks for permission to access this data. ur such an ignorant noob…S/N: its ACCESS not ASSESS U ASS. SMH
WOW, too much coffee? I personally like my TB but the only reason we heard about this story is because HTC didn’t react to nip the issue. The guy that sent it didn’t get a response. They only reacted to saved face after it went public.
Calm down, precious. I’m not a troll – I like HTC and I’m on my third HTC phone. I’m also a professional programmer (9 years experience) and this is not a simple mistake. It’s extremely poor design and if HTC are going to go further than any other manufacturer in logging user interactions, then they have a responsibility to the user to ensure that data is secured adequately. At the very least, this data should be encrypted and I’d also argue that any identifying information should be obscured when stored. It *is* the worst example of exposing sensitive user data in the history of the Android OS – if you can name a worse example, go right ahead. They haven’t resolved the issue at all – they were told five days ago, today they’ve admitted there’s a problem. There’s no patch, no action, only promises – nothing has been nipped in the bud as you claim (although I would expect them to release a patch soon). Ignorant, noob, retarded – use any words you want, it’s not me who needs to grow up. And yes, I know how to spell ‘access’ and I made a typo. That is an example of a mistake. Designing and building a system with totally inadequate security – when it is the user’s data that is at risk – is in a completely different league. That’s why I buy HTC for the hardware. Their software is extremely buggy as any programmer will tell you.
Someone’s a troll, but it’s not who you think it is.
Well written.
Well written? There are multiple things that make this article very hard to read and it’s only a short paragraph. It seems most of what Chris Chavez writes is quite grammatically error ridden and honestly confusing upon first read, that’s not to say that he doesn’t have good content because most of his articles are entertaining, but at the same time those same errors make it difficult to understand the content in the article. And YES I BE TROLLIN’ right now so no need to respond with the troll comments…
GNOME!! :)