HTC Android Phones Highly Vulnerable to Data Leaks

Until an update is released, there's nothing much that can be done

By on October 3rd, 2011 07:34 GMT

HTC Android phone owners should be very wary about certain applications they set up on their mobile devices, as recent research uncovered a bug in the logging system that gives programs a high level of access to sensitive information.

Trevor Eckhart discovered that any app installed on devices such as the Evo 3D, Evo 4G and Thunderbolt, that requests internet access can easily obtain data such as account credentials, GPS location, phone log information, SMS data and system logs.

According to the Android Police, this is disturbing because no one would expect that any simple app that needs and internet connection could actually compromise a large part of the machine's content.

After further looking into the problem, Artem Russakovskii noticed that other things are also available to anyone who can make good use of this weakness. CPU, memory, network and file system info could all end up in the wrong hands due to this error.

The device's build number, radio version, kernel version, processes and installed app lists, system proprieties, battery and other information is practically leaked through this hole in the software.

“Theoretically, it may be possible to clone a device using only a small subset of the information leaked here,” Russakovskii revealed.

He compared the issue to “leaving your keys under the mat and expecting nobody who finds them to unlock the door.”

A small app was made available that will help users determine if they're susceptible to the attack, but unfortunately, unless you have a rooted apparatus, you cannot do much to fix the problem. Meanwhile, owners are recommended not to install suspicious software and if they do have a rooted phone, they should remove the pesky logger called Htcloggers.

Mobile Beat obtained a response from HTC on the matter.

"HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.”

A proof-of-concept video can be found in the Softpedia Editor Blogs

Comments