Wednesday, October 5, 2011

HTC working on fix for serious security flaw on some Android phones

7:35 AM | Posted by ProJ | | Edit Post

feeling among the models affected by the vulnerability that may permit any registration to access the Internet and access e-mail application, data number, text and phone

HTC said it is working on a patch for a flaw in its Android smartphones that can allow applications to access personal information. The data presented include the names of e-mail account, the last known network locations and GPS data from their mobile phone numbers, registration details and telephone system logs.



HTC, which sold 11 million smartphones worldwide in the second quarter of this year, he gave no timetable for the review.

"/ Aa>
failure, discovered by the police Android is limited to HTC phones, rather than any Android device. However, HTC has some of the most popular phones Android, disclosure can mean a race against time to correct the flaws before they are exploited by criminals.

According to police control Android, the list of known phones are assigned as follows:

some models . HTC Sensation

. EVO 4G

. EVO 3D

. Lightning

. 4G EVO Shift

(possibly) Slide MyTouch 4G

(possibly) Vigor

(optionally) Make 4G

(possibly) the Kingdom soon.

According to Justin Case, Trevor Eckhart and Artem Android Russakovski police, who discovered and confirmed the decision, which reported the HTC September 24 of their results, but received no response has decided to go.
  • In a statement, the company said later
"HTC is working very diligently to quickly release a security update that fixes the problem in the affected devices ... After a short trial period of our transport partners, the patch will be sent through the air for customers who download and install know. We urge all users to install the update immediately. Meanwhile, as always, we urge customers to exercise caution when downloading, use, install and update applications from untrusted sources. "

The decision was actually made by HTC itself, business, and Russakovski Eckhart say that a set of tools added by the logging company to collect user information is not secure . "Applications of applications affected devices [Internet access], which is normal for any application that connects to the Internet or advertising programs, you can get your hands on the data," the authors write. "When you install a simple, innocent in the market for applications for new game only on the Internet [access] permission (to present the results online, for example) is not expected to read your call log or list e-mail. "
Russakovski said. "I want to reiterate that the only reason that the drain is on the left and right data is that HTC put your ferret in this manner is like leaving the keys under the mat and is not expected to open the door . "Trio created a simple proof of concept application that was able to reproduce access feared.

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Blog Archive