Warning: HTC Android Devices Feature Massive Security Flaw Discussion

[Valerie Sarnataro]

Several HTC Android devices feature a serious security flaw that allows hackers to access phone numbers, GPS, email addresses, SMS and more, according to numerous reports. The HTC EVO 3D and 4G as well as the HTC ThunderBolt are currently the only smartphones affected.

Read the full content of this Article: Warning: HTC Android Devices Feature Massive Security Flaw

Related Articles:

• HTC ThunderBolt Gets Android OS 2.3 Upgrade at Long Last
• HTC EVO 3D Review: Brings 4G and 3D Together

[Varjak]

Yikes, yikes!

[headcronie]

Yeah. Ugh. Had to threaten quarantine of a work issued Evo. Then had to inform my bro-in-law to disable all updates, and stop installing apps. Called our business account manager, and she hadn't even heard of it. What a mess...

[Drillbit]

If you want to disable HTC logging in your phone:

1. Go to Settings, go to About Phone, go to Tell HTC, uncheck Report Errors to HTC and Report Usage to HTC.

2. Go to the dialer, type *#*#482564#*#*. This will bring you to the HTC Logger. Go to the Logger Controller and uncheck them if they are checked. If they are umchecked, you are not being logged anyway.

If your HTC phone has none of these "features" then the logger doesn't doesn't exist in you phone anyway. Carry on.

Additional Notes: many HTC phones do not have this, most especially the Incredible 2 and Droid Incredible 2.

[Drillbit]

Maybe some screenshots will help illustrate the logging permission and app looks like. Note it does require permissions and you can turn it off. If I remember, it is by default, off.

[Hook]

The headline does seem overly alarmist when you turn around and say only 3 phones are affected. The Nexus One, of course, isn't.

[headcronie]

You almost want it to be alarmist. People using these devices, especially in a business environment, cannot afford to be caught off guard. The title certainly caught my attention. Regardless, this is a huge mess, business and personal...

[LandSurveyor]

From what I read there, (1)HTC is still working to confirm the flaw exists, and
(2) According to what Drill has shown, it's probably turned off anyway and if not, just uncheck it according to his instructions.

Not exactly DefCon 3.

OK folks, as you were; nothing to see here.

[weegie]

imho, all these new 100% connected, auto updated , sync with cloud modern mobile OSes aren't secure, the fact they auto swap data with remote servers all over the place [with unknown security]without people lifting a finger makes them vulnerable at a pretty basic level.

Probably their best defense against exploits, is the fact 99.9% are used for consumer fun type things, and hackers probably have little interest in gaining access compared to how little value what they would find is.

You would think NFC, and Google wallet type applications are likely to add more hacker interest in mobiles, I guess time will show how good the security is for this type of thing, but I'm not about to leave credit and banking info on something that can be hacked to the bowels of the OS with a simple radio exploit.

Do many governmental agencies around the world issue Android, IOS, WP7?

[Hook]

US Government is still largely RIM-based with their own security modifications/layers/policies including on-the-fly encryption. I have heard rumors that there is work on creating a government flavor of Android, but have not seen anything that confirms this.