HTC Gaping Security Hole
03 October 2011, 08:22 PM
#1
Scooby Senior
Thread Starter
HTC Gaping Security Hole
This is what happens when you trust your data to a company with very little software experience. Some devices mentioned in the article, more being found.
Exposed data includes
Encouraging news from HTC "We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken." good luck getting the updates out.
http://www.bbc.co.uk/news/technology-15149588
Exposed data includes
- The list of user accounts, including email addresses
- A log of recent GPS locations
- Phone numbers taken from recent call logs
- SMS data, including recent numbers and encoded messages
Encouraging news from HTC "We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken." good luck getting the updates out.
http://www.bbc.co.uk/news/technology-15149588
03 October 2011, 08:49 PM
#2
Scooby Regular
iTrader: (1)
Join Date: Aug 2008
Location: Warwickshire
Posts: 280
Likes: 0
Received 0 Likes
on
0 Posts
I am not going down the whole Android vs iOS route again, but this does highlight a significant advantage of Apple's "closed" approach to Apps and approving every one before release.
The "open" Android approach does leave you somewhat exposed to potential security risks.
Jason
The "open" Android approach does leave you somewhat exposed to potential security risks.
Jason
03 October 2011, 09:01 PM
#3
03 October 2011, 11:38 PM
#4
Scooby Senior
Thread Starter
Yes, good job Apple have everything covered
http://www.informationweek.com/news/...ties/231601766
http://www.informationweek.com/news/...ties/231601766
04 October 2011, 07:40 AM
#6
Scooby Regular
Join Date: Mar 2005
Posts: 964
Likes: 0
Received 0 Likes
on
0 Posts
As far as I'm aware there are no malicious apps that use that exploit currently and HTC have acknowledged the bug and are going to roll out updates to close the hole shortly. Nothing to be worried about, you can easily fix it yourself by removing the HTC logging app.
04 October 2011, 09:27 AM
#7
Scooby Senior
Thread Starter
Just how do you "easily" fix it yourself? Run a dodgy program?
Best advice is to not even try fixing it yourself, just be very, very careful choosing apps to install and have a good think about ones that you've already installed. Wake up call for a clean out of unwanted apps.
Take the post how you want @bioforger, I certainly appreciate valid security alerts regarding my products, people pay good money for a service like that.
Best advice is to not even try fixing it yourself, just be very, very careful choosing apps to install and have a good think about ones that you've already installed. Wake up call for a clean out of unwanted apps.
Take the post how you want @bioforger, I certainly appreciate valid security alerts regarding my products, people pay good money for a service like that.
Trending Topics
04 October 2011, 10:12 AM
#8
Scooby Regular
Join Date: Mar 2005
Posts: 964
Likes: 0
Received 0 Likes
on
0 Posts
04 October 2011, 10:41 AM
#9
Scooby Regular
Join Date: Sep 2002
Posts: 2,551
Likes: 0
Received 0 Likes
on
0 Posts
hopefully my galaxy s2 will be fine 
It seems all the phones with the possible problem are USA phones?
as always best advice is to avoid weird obscure apps and you will be fine.
It seems all the phones with the possible problem are USA phones?as always best advice is to avoid weird obscure apps and you will be fine.
04 October 2011, 11:19 AM
#10
When you put your personal data in the trust of a company that has vast experience in producing software designed specifically for their hardware, it's encouraging to know that there are still people out there who highlight the major vulnerabilities that exist in their software. You will of course appreciate the validity of this security vulnerability in OSX and this service comes free of charge and is not included in the premium you pay on Apple products
Last edited by jonc; 04 October 2011 at 11:22 AM.
04 October 2011, 12:06 PM
#11
Scooby Regular
iTrader: (1)
Join Date: Aug 2010
Location: W Yorkshire
Posts: 521
Likes: 0
Received 0 Likes
on
0 Posts
It's not fair to compare the different approaches used for the app stores of both Android and Apple in this instance.
The bug is within HTCs shipped ROM and not an application downloaded from the market. Most software is shipped with some kind of bugs hence updates. Neither Apple, Android or Windows are perfect.
I'm not giving examples, it's not a fight.
People who own and like the iphone will always have biased opinions. Just like I'm sure most on here would agree that an Impreza is better than an Evo
The bug is within HTCs shipped ROM and not an application downloaded from the market. Most software is shipped with some kind of bugs hence updates. Neither Apple, Android or Windows are perfect.
I'm not giving examples, it's not a fight.
People who own and like the iphone will always have biased opinions. Just like I'm sure most on here would agree that an Impreza is better than an Evo
04 October 2011, 12:47 PM
#14
Scooby Senior
Thread Starter
04 October 2011, 12:52 PM
#15
Scooby Senior
Thread Starter
I'd change Gaping if I could. But it's still a valid post. Yours on the other hand is old tripe, gleaned from the blog of a publicity hungry security company. It's old news, yes people should know that you can reset passwords, have been able to since I can remember, no it's not a valid link to be posting on this particular thread.
04 October 2011, 01:18 PM
#16
Scooby Regular
Join Date: Mar 2005
Posts: 964
Likes: 0
Received 0 Likes
on
0 Posts
Not gibberish at all. People can wait for HTC to release the update which will be over the air so easy and painless, something iOS users will be able to do soon 
. For people who don't want to wait and are worried about a very minor security bug, they can sort it themselves. I say minor as there are no reports of anyone being a victim of this exploit and it is highly likely that no one will be.
Source
. For people who don't want to wait and are worried about a very minor security bug, they can sort it themselves. I say minor as there are no reports of anyone being a victim of this exploit and it is highly likely that no one will be.
Originally Posted by HTC
HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.
HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.
HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.
04 October 2011, 01:27 PM
#17
Scooby Regular
iTrader: (3)
Join Date: Aug 2000
Location: 1600cc's of twin scroll fun :)
Posts: 25,565
Likes: 0
Received 2 Likes
on
2 Posts
Hey its Jack and apple do nothing wrong 
Oh wasnt it quite recently that apple logged all your locations and you could do nothing about it, well as we see, no one is perfect and HTC acknowledge that.
So, unless you can really come up with something different Jack, I wouldnt post gibberish as you put it
Tony
Oh wasnt it quite recently that apple logged all your locations and you could do nothing about it, well as we see, no one is perfect and HTC acknowledge that.
So, unless you can really come up with something different Jack, I wouldnt post gibberish as you put it
Tony
04 October 2011, 01:34 PM
#18
Scooby Senior
Thread Starter
Hey its Jack and apple do nothing wrong
Oh wasnt it quite recently that apple logged all your locations and you could do nothing about it, well as we see, no one is perfect and HTC acknowledge that.
So, unless you can really come up with something different Jack, I wouldnt post gibberish as you put it
Tony
Oh wasnt it quite recently that apple logged all your locations and you could do nothing about it, well as we see, no one is perfect and HTC acknowledge that.
So, unless you can really come up with something different Jack, I wouldnt post gibberish as you put it
Tony
04 October 2011, 04:16 PM
#23
I'd change Gaping if I could. But it's still a valid post. Yours on the other hand is old tripe, gleaned from the blog of a publicity hungry security company. It's old news, yes people should know that you can reset passwords, have been able to since I can remember, no it's not a valid link to be posting on this particular thread.
If you took your iBlinkers off for a split second, you'll see that this "old tripe" is widely reported and still current after all this time as Apple still have not plugged this hole.It's heartening to know that despite all the hype and mis-information spread about that Apple OSX being the most secure OS in the world, they can produce software specifically for their own hardware and yet can still get it so glaringly wrong, it means they are human afterall.
04 October 2011, 05:10 PM
#24
Scooby Senior
Thread Starter
Do you think your Windows password is out of reach? And what has this thread got to do with Apple anyhow, why do you Fandroids always try to change the subject, it's childish.
07 October 2011, 09:55 AM
#28
Guest
Posts: n/a
Two HTC phones in my house - neither has the "affected" apk installed anyway. And both are up to date software-wise. Not that I'd be losing sleep over the issue anyway as, as has been said, nobody has actually "exploited" it yet.
More fuss over nothing.
Dave
More fuss over nothing.
Dave
07 October 2011, 10:36 AM
#29
Scooby Regular
Join Date: Dec 2001
Location: Arborfield, Berkshire
Posts: 12,387
Likes: 0
Received 0 Likes
on
0 Posts
Id be more concerned at their appalling customer service. If you didnt see Watchdog last night it was rather worrying. Phones sent to get repaired and lost, phones sent with s/w issue and came back with scratches all over.
