New Vulnerability Found in HTC Android Phones with WiMax Radios

One day after HTC and Sprint started to roll out a software update to all the EVO family devices that was meant to patch a hole it the smartphones' security, a new vulnerability has been found that threatens the usage of these HTC devices.

It appears that XDA developer TrevE has been working hard on founding and patching some of the security flaws found on some of HTC's Android smartphones.

TrevE has recently discovered several critical vulnerabilities in the code found inside HTC handsets, more precisely on the EVO series devices, as well as HTC Sensation and Kingdom.

It appears that one of these security problems that would allow a third-party to collect information about the device's usage as well as other sensitive data, has just been patched with the latest software update provided recently by Sprint and HTC.

However, when TrevE ran his diagnostics he found multiple vulnerabilities and informed HTC about all of them giving the company a 5 working days to find a way to patch all of them before going public with the information.

The good news is that HTC managed to find a solution to one of the critical issues and delivered the security update yesterday, the bad news is that not all vulnerabilities have been removed.

TrevE's latest discovery implies that anyone with an HTC device that integrates an WiMax radio is even more open to a third-party attacks than the htcloggers.apk code responsible for the first vulnerability that was recently patched.

In other words, any tech-savvy with some programming knowledge would be able to reprogram the device's CDMA parameters remotely or even crash the phone anytime he wants.

According to TrevE, this is done via four ports that can be opened up without authentication. The attacker can obtain your network information, but he can also send commands to the radio using the WiMax monitoring port.

Even though only a handful of commands have been discovered, one of them can freeze your phone by sending a single “coma.”

Thankfully, TrevE also offers a quick patch for all those who want to protect themselves until HTC issues another security update.

Check out the video below for a more technical explanations of the vulnerability found by TrevE.

Thank you TrevE!