OS Upgrade Opens Security Hole in HTC Smartphones
Published on: 3rd Oct 2011
Note -- this news article is more than a year old.
By: Ian Mansfield
An update to the software inside a couple of HTC smartphones has opened a security hole that could enable unauthorised access to a users email GPS location and text messages.
HTC had deployed an OS upgrade for its Thunderbolt, EVO 3D and EVO 4G smartphones to include a new logging tool, and it is that update that has apparently opened up the security breach.
According analysis by Android Police, the breach now enables software apps that ask for permission to access the internet services to also gain access to private files on the smartphone.
Currently, there is no fix for this vulnerability until HTC issues another update - and the vulnerability could only be exploited by a malicious app being installed into the smartphone by the user.
The Android Police team developed a proof-of-concept app that demonstrates how the security hole can be exploited.
On the web: Android Police