HTC Gaping Security Hole

Reply Subscribe

Thread Tools

Search this Thread

Oct 3, 2011 | 08:22 PM

JackClark

Thread Starter

Scooby Senior

Joined: Dec 2000

Posts: 20,896

Likes: 53

From: Overdosed on LCD

HTC Gaping Security Hole

This is what happens when you trust your data to a company with very little software experience. Some devices mentioned in the article, more being found.

Exposed data includes

The list of user accounts, including email addresses
A log of recent GPS locations
Phone numbers taken from recent call logs
SMS data, including recent numbers and encoded messages

Encouraging news from HTC "We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken." good luck getting the updates out.

http://www.bbc.co.uk/news/technology-15149588

Oct 3, 2011 | 08:49 PM

jsh1

Scooby Regular

iTrader: (1)

Joined: Aug 2008

Posts: 280

Likes: 0

From: Warwickshire

I am not going down the whole Android vs iOS route again, but this does highlight a significant advantage of Apple's "closed" approach to Apps and approving every one before release.

The "open" Android approach does leave you somewhat exposed to potential security risks.

Jason

Oct 3, 2011 | 09:01 PM

jonc

Scooby Regular

Joined: Apr 2002

Posts: 7,647

Likes: 22

Yes, good job Apple have everything covered
http://www.informationweek.com/news/...ties/231601766

Oct 3, 2011 | 11:38 PM

JackClark

Thread Starter

Scooby Senior

Joined: Dec 2000

Posts: 20,896

Likes: 53

From: Overdosed on LCD

Quote:

Originally Posted by jonc

Yes, good job Apple have everything covered
http://www.informationweek.com/news/...ties/231601766

This isn't a security pissing contest Jon, we can all dig out past articles.

Oct 4, 2011 | 12:21 AM

bioforger

Scooby Regular

iTrader: (1)

Joined: Jan 2002

Posts: 16,995

Likes: 5

From: Pig Hill, Wiltsh1te

lol not a pissing contest and yet you post up anything -ve against droid as soon as it hits the media.

Oct 4, 2011 | 07:40 AM

Saint AAI

Scooby Regular

Joined: Mar 2005

Posts: 964

Likes: 0

As far as I'm aware there are no malicious apps that use that exploit currently and HTC have acknowledged the bug and are going to roll out updates to close the hole shortly. Nothing to be worried about, you can easily fix it yourself by removing the HTC logging app.

Oct 4, 2011 | 09:27 AM

JackClark

Thread Starter

Scooby Senior

Joined: Dec 2000

Posts: 20,896

Likes: 53

From: Overdosed on LCD

Just how do you "easily" fix it yourself? Run a dodgy program?

Best advice is to not even try fixing it yourself, just be very, very careful choosing apps to install and have a good think about ones that you've already installed. Wake up call for a clean out of unwanted apps.

Take the post how you want @bioforger, I certainly appreciate valid security alerts regarding my products, people pay good money for a service like that.

Trending Topics

Does anyone recognise the reg V345 SUD

1

73
Info on these overalls

1

158

Oct 4, 2011 | 10:12 AM

Saint AAI

Scooby Regular

Joined: Mar 2005

Posts: 964

Likes: 0

Quote:

Originally Posted by JackClark

Just how do you "easily" fix it yourself? Run a dodgy program?

Just uninstall the HTC logging app. You do need root access to do it though as it's a system app built into the HTC ROM. I use a custom ROM so it's not there anyway.

Oct 4, 2011 | 10:41 AM

Scooby Soon!

Scooby Regular

Joined: Sep 2002

Posts: 2,551

Likes: 0

hopefully my galaxy s2 will be fine

It seems all the phones with the possible problem are USA phones?

as always best advice is to avoid weird obscure apps and you will be fine.

Oct 4, 2011 | 11:19 AM

#10

jonc

Scooby Regular

Joined: Apr 2002

Posts: 7,647

Likes: 22

Quote:

Originally Posted by JackClark

This isn't a security pissing contest Jon, we can all dig out past articles.

I know it isn't, but your opening post would suggest otherwise. Besides, the reality is we all know is that OSX is no more secure than the latest Windows OS. Having a smaller market share does not make OSX more secure. The article I posted is relatively current as I understand it and still remains unpatched.

When you put your personal data in the trust of a company that has vast experience in producing software designed specifically for their hardware, it's encouraging to know that there are still people out there who highlight the major vulnerabilities that exist in their software. You will of course appreciate the validity of this security vulnerability in OSX and this service comes free of charge and is not included in the premium you pay on Apple products

Last edited by jonc; Oct 4, 2011 at 11:22 AM.

Oct 4, 2011 | 12:06 PM

#11

chris84

Scooby Regular

iTrader: (1)

Joined: Aug 2010

Posts: 521

Likes: 0

From: W Yorkshire

It's not fair to compare the different approaches used for the app stores of both Android and Apple in this instance.

The bug is within HTCs shipped ROM and not an application downloaded from the market. Most software is shipped with some kind of bugs hence updates. Neither Apple, Android or Windows are perfect.

I'm not giving examples, it's not a fight.

People who own and like the iphone will always have biased opinions. Just like I'm sure most on here would agree that an Impreza is better than an Evo

Oct 4, 2011 | 12:16 PM

#12

GazTheHat

Scooby Regular

Joined: Aug 2005

Posts: 7,638

Likes: 0

From: 392/361 MY04 STi

Quote:

Originally Posted by bioforger

lol not a pissing contest and yet you post up anything -ve against droid as soon as it hits the media.

So true.

Oct 4, 2011 | 12:24 PM

#13

Tidgy

Scooby Regular

Joined: Sep 2004

Posts: 23,118

Likes: 150

From: Notts

droid aint perfect, apple aint perfect, job done.

whats next?

Oct 4, 2011 | 12:47 PM

#14

JackClark

Thread Starter

Scooby Senior

Joined: Dec 2000

Posts: 20,896

Likes: 53

From: Overdosed on LCD

Quote:

Originally Posted by Saint AAI

Just uninstall the HTC logging app. You do need root access to do it though as it's a system app built into the HTC ROM. I use a custom ROM so it's not there anyway.

Gibberish.

Oct 4, 2011 | 12:52 PM

#15

JackClark

Thread Starter

Scooby Senior

Joined: Dec 2000

Posts: 20,896

Likes: 53

From: Overdosed on LCD

Quote:

Originally Posted by jonc

I know it isn't, but your opening post would suggest otherwise.

I'd change Gaping if I could. But it's still a valid post. Yours on the other hand is old tripe, gleaned from the blog of a publicity hungry security company. It's old news, yes people should know that you can reset passwords, have been able to since I can remember, no it's not a valid link to be posting on this particular thread.

Oct 4, 2011 | 01:18 PM

#16

Saint AAI

Scooby Regular

Joined: Mar 2005

Posts: 964

Likes: 0

Not gibberish at all. People can wait for HTC to release the update which will be over the air so easy and painless, something iOS users will be able to do soon

. For people who don't want to wait and are worried about a very minor security bug, they can sort it themselves. I say minor as there are no reports of anyone being a victim of this exploit and it is highly likely that no one will be.

Quote:

Originally Posted by HTC

HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.

HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.

Source

Oct 4, 2011 | 01:27 PM

#17

TonyBurns

Scooby Regular

iTrader: (3)

Joined: Aug 2000

Posts: 25,565

Likes: 2

From: 1600cc's of twin scroll fun :)

Hey its Jack and apple do nothing wrong

Oh wasnt it quite recently that apple logged all your locations and you could do nothing about it, well as we see, no one is perfect and HTC acknowledge that.
So, unless you can really come up with something different Jack, I wouldnt post gibberish as you put it

Tony

Oct 4, 2011 | 01:34 PM

#18

JackClark

Thread Starter

Scooby Senior

Joined: Dec 2000

Posts: 20,896

Likes: 53

From: Overdosed on LCD

Quote:

Originally Posted by TonyBurns

Hey its Jack and apple do nothing wrong

Tony

Save your fingertips Tony, you're living in the past.

Oct 4, 2011 | 01:37 PM

#19

bigsinky

Scooby Regular

Joined: Dec 2002

Posts: 19,408

Likes: 0

From: Sunny BELFAST

awwwwww Jack you make me smile.........

Oct 4, 2011 | 02:00 PM

#20

Ant

Scooby Regular

Joined: Jun 2008

Posts: 9,243

Likes: 0

From: Notts

Reel em in jack , you got a big catch today

Oct 4, 2011 | 02:43 PM

#21

jonc

Scooby Regular

Joined: Apr 2002

Posts: 7,647

Likes: 22

Quote:

Originally Posted by Ant

Reel em in jack , you got a big catch today

He's a great sport, I'll give him that!

Last edited by jonc; Oct 4, 2011 at 04:18 PM.

Oct 4, 2011 | 03:01 PM

#22

TonyBurns

Scooby Regular

iTrader: (3)

Joined: Aug 2000

Posts: 25,565

Likes: 2

From: 1600cc's of twin scroll fun :)

I just laugh at him

all fan boy and cant take the stick back

Tony

Oct 4, 2011 | 04:16 PM

#23

jonc

Scooby Regular

Joined: Apr 2002

Posts: 7,647

Likes: 22

Quote:

Originally Posted by JackClark

If you took your iBlinkers off for a split second, you'll see that this "old tripe" is widely reported and still current after all this time as Apple still have not plugged this hole.

It's heartening to know that despite all the hype and mis-information spread about that Apple OSX being the most secure OS in the world, they can produce software specifically for their own hardware and yet can still get it so glaringly wrong, it means they are human afterall.

Oct 4, 2011 | 05:10 PM

#24

JackClark

Thread Starter

Scooby Senior

Joined: Dec 2000

Posts: 20,896

Likes: 53

From: Overdosed on LCD

Do you think your Windows password is out of reach? And what has this thread got to do with Apple anyhow, why do you Fandroids always try to change the subject, it's childish.

Oct 7, 2011 | 04:32 AM

#25

bgood

Scooby Regular

iTrader: (2)

Joined: Sep 2004

Posts: 2,025

Likes: 0

From: If you rev it, they will come!

Thanks for reminding me to add you to my ignore list Jack, been meaning to do that for a while

Oct 7, 2011 | 04:40 AM

#26

chris84

Scooby Regular

iTrader: (1)

Joined: Aug 2010

Posts: 521

Likes: 0

From: W Yorkshire

Quote:

Originally Posted by bgood

Thanks for reminding me to add you to my ignore list Jack, been meaning to do that for a while

Oct 7, 2011 | 07:44 AM

#27

JackClark

Thread Starter

Scooby Senior

Joined: Dec 2000

Posts: 20,896

Likes: 53

From: Overdosed on LCD

You won't hear this, but good.

Oct 7, 2011 | 09:55 AM

#28

hutton_d

Guest

Posts: n/a

Two HTC phones in my house - neither has the "affected" apk installed anyway. And both are up to date software-wise. Not that I'd be losing sleep over the issue anyway as, as has been said, nobody has actually "exploited" it yet.

More fuss over nothing.

Dave

Oct 7, 2011 | 10:36 AM

#29

P1Fanatic

Scooby Regular

Joined: Dec 2001

Posts: 12,387

Likes: 0

From: Arborfield, Berkshire

Id be more concerned at their appalling customer service. If you didnt see Watchdog last night it was rather worrying. Phones sent to get repaired and lost, phones sent with s/w issue and came back with scratches all over.