Tuesday, October 4, 2011

#HTCLogger security hole leaves your personal info out in the open - #android #htc

Buying a new phone or getting a new system update is always exciting. But what if we told you that the latest system update you received on your HTC device or the new EVO 3D you’re carrying around could be exposing some of your personal information.

Over the weekends, Android Police revealed that the HTCLogger.apk included in the latest HTC phones and software updates has a major flow. HTC uses the application to log system information which is used to identify OS bugs. Unfortunately, the app stores a lot of the information it collects without encrypting any of the data and thus making it available to any application that knows where to look.
HTCLogger collects account names, call log data and GPS location, but if does not store any password and other information which would give potential hackers access to your accounts. The real security issue really arose when Android Police posted the story and exact details on how to exploit the security hole.
HTC is aware of the situation and will probably roll out an update to any affected devices as soon as they can.
HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken
If you’re not willing to wait for HTC’s official patch, you can always uninstall the app from /system/app/HtcLoggers.apk on your own (if you have root access).

Source : Here

No comments:

Post a Comment