Reportedly, the HTC smartphones based mobile operating system Android, including models Evo 3D, Evo 4G and Thunderbolt, have a large security hole that allows applications with Internet connection to access personal user data, including archives of SMS-messages, data location, email address and telephone number.
Researchers Artem Russakovskii (Artem Russakovskii), Justin Keyes (Justin Case) and Trevor Eskhart (Trevor Eckhart) discovered a vulnerability in the Android-smartphone caused by logging tools that are installed on their HTC devices in the last update.
Such tools, as reported by Mr. Russakovskii, typically used for remote analysis device problems, and their subsequent elimination. But the problem is that in this case as a result of any application errors with Internet access (requesting access to android.permission.INTERNET) or with advertising can have access to the following:
- list of user accounts, including email addresses;
- last known location of the network and GPS, as well as the limited statistics of the previous locations;
- list of dialed numbers;
- SMS-data, including phone numbers and encrypted messages (it is not clear whether they can decode, but it is quite likely);
- protocols of the system (kernel / dmesg and app / logcat), which include all launch applications, as well as, quite likely, e-mail addresses, phone numbers and other personal data.
Three experts said HTC about the problem on September 24, then wait five business days and then publish the details. According to Mr. Russakovskii, the problem may also be vulnerable machines Evo Shift 4G, MyTouch 4G Slide and Vigor, some smart phones Sensations and "most likely other devices."
Source: news.cnet.com
Source: news.cnet.com
0 comments:
Post a Comment