Mobile // Mobile Devices
News
10/3/2011
05:25 PM
Connect Directly
Twitter
Facebook
Google+
LinkedIn
RSS
E-Mail
50%
50%

HTC Android Bug Exposes Key Data

A vulnerability in HTC Android software of recent vintage could allow a malicious app with ordinary permissions to gain access to extensive logging information about the phone.

A vulnerability in HTC Android software of recent vintage could allow a malicious app with ordinary permissions to gain access to extensive logging information about the phone, according to a blog entry at Android Police.

HTC customized its Android environment with a feature called Tell HTC, which keeps extensive logs on the phone and sends them to HTC. The feature is turned on by default. Most systems have such agreements these days and the data is used to improve service. The data is, however, extensive and could be used in various attacks, generally identity theft attacks.

The vulnerability was discovered by hacker Trevor Eckhart. Eckhart's proof of concept app shows some of the data recovered:

Eckhart describes the bug as a security elevation bug, but it's better termed an information disclosure bug. The problem is that HTC has made logging information available without appropriate permissions.

The Android Police blog also explains how to root your phone in order to remove the logging application.

When an Android user installs an application, the app presents a list of permissions it requests. At this point the user must judge whether he trusts the application with those permissions. The proof of concept application written by Eckhart requests only "Network communications - full Internet access" permission, which is normal for any application that communicates over the Internet.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.