HTC Adds Huge Security Holes to Android Phones
HTC adds snooping features to Android phones, which can be easily accessed by any rogue software.
With a HTC phone, even Android users who tediously micromanage their software installs are not safe from security problems.
Any app on affected devices that requests a single [INTERNET permission] (which is normal for any app that connects to the web or shows ads) can get its hands on:
- the list of user accounts, including email addresses and sync status for each
- last known network and GPS locations and a limited previous history of locations
- phone numbers from the phone log
- SMS data, including phone numbers and encoded text (not sure yet if it’s possible to decode it, but very likely)
- system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info
Basically, HTC added HtcLoggers.apk to collect Android user data. The spyware can send all kinds of data to remote servers, and did not require any password to access it.
HTC also added a dormant VNC remote access server to Android phones. If active, the HTC installed VNC can be used to spy on everything the user does in real time.
Security vulnerability affects
- HTC EVO 4G
- HTC EVO 3D
- HTC Thunderbolt
- Many many more with HTC Sense Android firmware
Android, open to malware and open to Taiwanese manufacturer spying.
- Android apps including those in Google Play Store vulnerable to MitM remote code execution exploit
- Over 1 Million Android User Data Compromised
- HTC Infringes on Apple Patents, Might Ban Android Phones
- .txt File Can Gain Admin Rights on Windows + Server [Security Fail]
- 130 Million+ Android & BlackBerry Phones sold with Carrier IQ Key-Logger Rootkit [video]