A vulnerability in HTC Android software of recent vintage could allow a malicious app with ordinary permissions to gain access to extensive logging information about the phone, according to a blog entry at Android Police.
HTC customized its Android environment with a feature called Tell HTC, which keeps extensive logs on the phone and sends them to HTC. The feature is turned on by default. Most systems have such agreements these days, and the data is used to improve service. The data is extensive, however, and could be used in various attacks, generally identity theft attacks.
The vulnerability was discovered by hacker Trevor Eckhart. Eckhart's proof of concept app shows some of the data recovered:
Eckhart describes the bug as a security elevation bug, but it's better termed an information disclosure bug. The problem is that HTC has made logging information available without appropriate permissions.
The Android Police blog also explains how to root your phone in order to remove the logging application.
When an Android user installs an application, the app presents a list of the permissions it requests. At this point the user must judge whether he trusts the application with those permissions. The proof-of-concept application written by Eckhart requests only the "Network communications - full Internet access" permission, which is normal for any application that communicates over the Internet.