14 DAY TRIAL // One week after this security update was deployed to all EVO family devices available in the United States, Rogers customers who own the EVO 3D can patch their phones' software as well.
It looks like several developers discovered and reported that HTC EVO smartphones, as well as the Sensation model, are plagued by an issue that allows potential malicious apps that ask users for Internet permissions, to gain access to sensitive data.
Basically, the malicious apps are reportedly accessing the HtcLoggers service and collects personal user information, including phone logs, GPS location and SMS data, as well as contact numbers and email accounts.
The Taiwanese handset manufacturer denied any reports of the claimed vulnerability: “So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.”
However, HTC admitted that its EVO family devices and the HTC Sensation have a security issue that could lead to personal data leaks.
In this regard, the company issued and statement and informed users that is working on a fix that will be be delivered in due time:
“In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.”
Unfortunately, a second vulnerability has been discovered by developer TrevE who informed HTC and asked for a fix to be released as soon as possible.
The said security vulnerability affects the same devices that feature WiMAX radios and allows a third-party app to reprogram the phone's CDMA parameters remotely, send various commands or even crash the device.
Until HTC patches this vulnerability, Rogers customers who own an HTC EVO 3D smartphone are strongly recommended to download and install this security update.
