A major security flaw affects some HTC phones
A major security flaw affects some HTC phones
HTC Sense in the layer present on the phones in the Taiwanese brand, a flaw which affects some smartphones EVO 3D. Information are numerous and easily accessible.Android is often singled out because of its lack of security. Companies that have their own anti-virus (or anti something) on ​​the Android Market regularly find flaws in the operating system of Google. In this air of insecurity lies a fundamental problem: the market share occupied by Android. Like Windows, the operating system is a victim of its success. Indeed, an attacker will have much more interest in attacking Android, as potential targets are much more numerous. This does not exempt the cracks of the system, but shows that behind these ads shock, there are often people who have an interest (often financial).
The models affected are mainly in the United States (Thunderbolt, EVO 4G, 4G EVO Shift?, MyTouch Slide 4G?, Vigor?), But the EVO 3D and perhaps even the sensation are also infected. The flaw potentially gives access to:
* The list of user accounts (including email address and the status of synchronization)
* The last known location (with GPS or triangulation)
* Very limited history of past locations
* Phone Numbers Call Log
* SMS: content (no certainty about the ability to decrypt it) and phone numbers
* The system logs: dmesg and logcat
In recent updates to Sense, HTC has introduced tools to gather information. The user has no right to access and becomes the victim of a bad transaction from the Taiwanese company. It is only possible to disable sending the file on the servers of the company, but the collection still takes place. To access all this information, simply an application has permission android.permission.INTERNET. Knowing that smartphones are highly connected to the web, potential targets and many can be invisible.
The advantage of the mechanism of permissions is not to allow applications to access some of the functionality of the phone. Knowing the subject, the person can decide if access to the GPS to a Scrabble is normal or not, for example. But here she can see much more information because of HTCLoggers. In addition to the information previously mentioned, information on the battery, processor, IP address, the version of android, notifications are displayed … collected by the application that reaches out to the attackers.
According to Police Android, the first to have relayed the information, an application for leave Internet enjoy “free” to:
* ACCESS_COARSE_LOCATION: Location of the phone by triangulation or WiFi (imprecise)
* ACCESS_FINE_LOCATION: Location of the phone with the GPS (high accuracy)
* ACCESS_LOCATION_EXTRA_COMMANDS: Creating sources of location dummy for testing
* CESS_WIFI_STATE: Information on WiFi networks
* BATTERY_STATS: Statistics of use of the battery
* GET_PACKAGE_SIZE: Size used by a package
* GET_TASKS: Information about the tasks running in the background
* READ_LOGS: access logs (trace) low-level system
* READ_SYNC_SETTINGS: Information on the synchronization options
* READ_SYNC_STATS: Statistics on the synchronization
* DUMP: Pile of service delivery system
|
||||||||
Incoming search terms:
Related posts:
- If HTC loses lawsuit against Apple: What about the other companies that bet on Android?
- Android phones have the highest rate of hardware problems … well almost
- Leaked images of HTC Vigor new information about this specification.
- The HTC Evo 3D and 3D LG Optimus arrive for pre-order at Best Buy Canada
- LookMobile, Android application that allows you to remotely access your smartphone