HTC is to release an urgent update for several of its smartphones to fix a vulnerability which could leave personal information at risk. The Android Police blog discovered that a user's GPS location and call logs could be easily accessed by net-enabled apps. After investigating, HTC admitted the flaw could be "exploited by a malicious third-party application". It said affected users will be notified of the update automatically. "HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices," a spokesperson said. Users will be able to download the fix over-the-air. The company has not yet confirmed exactly which models are at risk, but it is understood that the EVO 3D, EVO 4G, Thunderbolt and potentially the Sensation range are all susceptible to the vulnerability. Until the patch is released, the company urges users to "use caution when downloading, using, installing and updating applications from untrusted sources". The flaw relates to a particular file which contains a vast amount of personal information including GPS location history, SMS data, phone logs and e-mail accounts. Apps can gain access to the file by requesting permission to access the internet - a common occurrence for apps that allow the posting of top scores or messages on social networking sites. HTC said they have found no evidence that this flaw has been exploited for malicious purposes, but conceded it does pose a threat to the protection of the user's information. The statement read: "In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application. "A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. "So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability." The company said the patch will be released after a short period of testing, and users are urged to download the update promptly. Artem Russakovskii, the blogger who made the flaw public, welcomed the quick action by HTC, but said he still had concerns over the manner in which large amounts of personal data are kept in the single file. He wrote: "While I applaud HTC's desire to fix the situation quickly, I do have to wonder whether the patch will simply apply some sort of an authentication scheme to the service while letting it continue collecting the same kind of sensitive data to be potentially reported back to HTC or carriers."
GMT 15:03 2017 Tuesday ,24 October
Second Palestinian mobile provider enters GazaGMT 14:34 2017 Sunday ,15 October
US mobile carriers Sprint, T-Mobile to mergeGMT 16:20 2017 Thursday ,21 September
Google likely to buy stake in Taiwan smartphone maker HTCGMT 09:46 2017 Friday ,15 September
Apple's grand plan in Ireland held up by a forestGMT 14:01 2017 Thursday ,14 September
Saudis urged to report on fellow citizens via mobile appGMT 16:15 2017 Sunday ,03 September
China's Huawei unveils mobile AI assistant at Berlin's IFAGMT 14:32 2017 Monday ,26 June
Russian intelligence says Telegram app used in bombingGMT 14:00 2017 Sunday ,25 June
Dutch invent phone app to stop kids texting on bikesMaintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©
Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©
Send your comments
Your comment as a visitor