HTC Android Bug Exposes Key Data - InformationWeek
IoT
IoT
Mobile // Mobile Devices
News
10/3/2011
05:25 PM
Connect Directly
Twitter
Facebook
Google+
LinkedIn
RSS
E-Mail
50%
50%
RELATED EVENTS
Faster, More Effective Response With Threat Intelligence & Orchestration Playboo
Aug 31, 2017
Finding ways to increase speed, accuracy, and efficiency when responding to threats should be the ...Read More>>

HTC Android Bug Exposes Key Data

A vulnerability in HTC Android software of recent vintage could allow a malicious app with ordinary permissions to gain access to extensive logging information about the phone.

A vulnerability in HTC Android software of recent vintage could allow a malicious app with ordinary permissions to gain access to extensive logging information about the phone, according to a blog entry at Android Police.

HTC customized its Android environment with a feature called Tell HTC, which keeps extensive logs on the phone and sends them to HTC. The feature is turned on by default. Most systems have such agreements these days and the data is used to improve service. The data is, however, extensive and could be used in various attacks, generally identity theft attacks.

The vulnerability was discovered by hacker Trevor Eckhart. Eckhart's proof of concept app shows some of the data recovered:

Eckhart describes the bug as a security elevation bug, but it's better termed an information disclosure bug. The problem is that HTC has made logging information available without appropriate permissions.

The Android Police blog also explains how to root your phone in order to remove the logging application.

When an Android user installs an application, the app presents a list of permissions it requests. At this point the user must judge whether he trusts the application with those permissions. The proof of concept application written by Eckhart requests only "Network communications - full Internet access" permission, which is normal for any application that communicates over the Internet.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll