FlyerTalk Forums
Page 1 of 2
1
2
Show 40 post(s) from this thread on one page

FlyerTalk Forums (https://www.flyertalk.com/forum/index.php)
-   Travel Technology (https://www.flyertalk.com/forum/travel-technology-169/)
-   -   HTC Android Users: Massive Vulnerability Uncovered (https://www.flyertalk.com/forum/travel-technology/1265282-htc-android-users-massive-vulnerability-uncovered.html)

javabytes Oct 2, 2011 9:56 pm
HTC Android Users: Massive Vulnerability Uncovered
 
A heads up for those of you who use an Android-based device manufactured by HTC:

Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More
http://www.androidpolice.com/2011/10...ses-much-more/

alanh Oct 2, 2011 10:30 pm
Oh, yuck. The short version is that HTC has a high-privilege applet preinstalled on their phone that can access all sorts of sensitive data. It gives this info up to any other applet without any sort of security, acting as a backdoor around the normal Android security.

macdonaldj2 Oct 2, 2011 10:34 pm
root your phone...problem solved

Flahusky Oct 3, 2011 2:53 am
Originally Posted by alanh (Post 17210215)
Oh, yuck. The short version is that HTC has a high-privilege applet preinstalled on their phone that can access all sorts of sensitive data. It gives this info up to any other applet without any sort of security, acting as a backdoor around the normal Android security.
The vulnerabilities 'we' allow in the name and for the sake of 'connivance'.


Originally Posted by macdonaldj2 (Post 17210220)
root your phone...problem solved
I would so love to turn an Android device on and be presented 2 options
1. Manufacture ROM (bloated with carrier & vendor crap)
2. Cyanogen ROM (Lean, mean speed demon machine)

sonofzeus Oct 3, 2011 4:55 am
Originally Posted by Flahusky (Post 17210772)
I would so love to turn an Android device on and be presented 2 options
1. Manufacture ROM (bloated with carrier & vendor crap)
2. Cyanogen ROM (Lean, mean speed demon machine)
??Like this:

http://www.n2acards.com/

GoingAway Oct 3, 2011 5:23 am
Originally Posted by macdonaldj2 (Post 17210220)
root your phone...problem solved
I don't know much about that, but that article made it seem that it only would lessen not fully stop the leakage

GeorgeWhite Oct 3, 2011 6:30 am
Originally Posted by GoingAway (Post 17211071)
I don't know much about that, but that article made it seem that it only would lessen not fully stop the leakage
Rooting your phone is needed to get rid of the nasty HTC backdoor app. As they say in the article, you have to delete this file: /system/app/HtcLoggers.apk

GoingAway Oct 3, 2011 6:38 am
Originally Posted by GeorgeWhite (Post 17211258)
Rooting your phone is needed to get rid of the nasty HTC backdoor app. As they say in the article, you have to delete this file: /system/app/HtcLoggers.apk
I may nEed to learn to do rooting, after all. Regardless, it doesn't seem to address this vulnerability and it seems like the article expects to find others, as well

Additionally, and the implications of this could end up being insignificant, yet still very suspicious, HTC also decided to add an app called androidvncserver.apk to their Android OS installations. If you're not familiar with the definition of VNC, it is basically a remote access server. On the EVO 3D, it was present from the start and updated in the latest OTA. The app doesn't get started by default, but who knows what and who can trigger it and potentially get access to your phone remotely? I'm sure we'll know soon enough - HTC, care to tell us what it's doing here?

cordelli Oct 3, 2011 7:02 am
One has to love their response

"HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."

Really, they don't even verify it as an issue yet? One of the stories says the people 2who discovered this contacted them

After finding the vulnerability, the trio claim that Eckhart contacted HTC on September 24th and HTC didn’t respond to them. So, after receiving no real response for five business days, they’ve decided to release news of the vulnerability to force HTC to fix the problem.

macdonaldj2 Oct 3, 2011 11:18 am
I always root my android phones...I am running a thunderbolt now with CM7 and there are no VZW apps on it or HTC loggers...so they can't track me, not that I knew about it before

Braindrain Oct 3, 2011 4:23 pm
I don't even buy a phone unless I know I can root it. ^

flltravel Oct 3, 2011 8:29 pm
I am curious if this affects the older HTC Android phones like the HTC Droid Incredible?
Couldn't find this information in any of the articles I read.

macdonaldj2 Oct 3, 2011 10:26 pm
Originally Posted by flltravel (Post 17215930)
I am curious if this affects the older HTC Android phones like the HTC Droid Incredible?
Couldn't find this information in any of the articles I read.
As of now it only effects the three phones listed in the article...

Edit...it says and others...I don't know then

Braindrain Oct 9, 2011 1:02 pm
Just got back after a week of travel. I just had the opportunity to check the custom ROM in my phone (Cyanogen). This vulnerability file doesn't even exist. ^

notsosmart Oct 9, 2011 3:19 pm
Hmmm... Anyone know if the T-Mobile G2 (almost two years old) is affected?


All times are GMT -6. The time now is 9:22 pm.
Page 1 of 2
1
2
Show 40 post(s) from this thread on one page


This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.