Welcome Guest.   Make a donation to an author on the site September 02, 2014, 11:40:28 PM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Read the Practical Guide to DonationCoder.com Forum Search Features
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Massive Security Vulnerability In HTC Android phones  (Read 3982 times)
tranglos
Supporting Member
**
Posts: 1,079



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« on: October 02, 2011, 04:35:42 PM »

After barely a week with my HTC Sensation I knew I would never buy an HTC product again. Now, this will help me remember if I ever think of changing my mind:


Massive Security Vulnerability In HTC Android Devices

Logged

f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: October 02, 2011, 04:40:24 PM »

Pretty bad thing, stuff like that really shouldn't happen.

That said, I'm very satisfied with my Desire S.
Logged

- carpe noctem
EĆ³in
Charter Member
***
Posts: 1,400


O'Callaghan

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #2 on: October 02, 2011, 04:47:41 PM »

I like HTC devices, indeed all my smartphones tend to be HTC. Plus, given their "turn a blind eye" to the hackers policy coupled with their more recent help to the hackers by providing a bootloader unlocker I had thought the company was being pretty darn not evil.

So I must say, this development really disappoints me. Thankfully though, as a user of custom roms (CyanogenMod) it at least doesn't affect me, but is still inexcusable.
Logged

Interviewer: Is there anything you don't like?
Bjarne Stroustrup: Marketing hype as a substitute for technical argument. Thoughtless adherence to dogma. Pride in ignorance.
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #3 on: October 02, 2011, 05:10:05 PM »

I wonder if it's intentional data-harvesting/back-dooring or just a sign of very, very poor judgment and crap programmers. Given how blatant it is, I almost can't believe it's intentional back-dooring...
Logged

- carpe noctem
EĆ³in
Charter Member
***
Posts: 1,400


O'Callaghan

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #4 on: October 02, 2011, 06:16:54 PM »

It really does seem too stupid I admit. HTC did make a public response to the data collecting: XDA-Dev - HTC Responds Once Againā€¦, but that was before the security issues were discovered.
Logged

Interviewer: Is there anything you don't like?
Bjarne Stroustrup: Marketing hype as a substitute for technical argument. Thoughtless adherence to dogma. Pride in ignorance.
Stoic Joker
Honorary Member
**
Posts: 5,218



View Profile WWW Give some DonationCredits to this forum member
« Reply #5 on: October 03, 2011, 07:12:27 AM »

So is this strictly an HTC Android issue?? ...Or is it more that the rest haven't been checked yet?

I ask, as I have an HTC WP7 that I'm a tad leery of at the moment.
Logged
EĆ³in
Charter Member
***
Posts: 1,400


O'Callaghan

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #6 on: October 03, 2011, 07:27:42 AM »

So far it's strictly Android. I believe MS put restrictions on what software manufacturers and carriers can preinstall which would mean tracking apps like this very dodgy HTC android one would have the be vetted by MS, and I bet would not be allowed.
Logged

Interviewer: Is there anything you don't like?
Bjarne Stroustrup: Marketing hype as a substitute for technical argument. Thoughtless adherence to dogma. Pride in ignorance.
Stoic Joker
Honorary Member
**
Posts: 5,218



View Profile WWW Give some DonationCredits to this forum member
« Reply #7 on: October 03, 2011, 07:32:17 AM »

So far it's strictly Android. I believe MS put restrictions on what software manufacturers and carriers can preinstall which would mean tracking apps like this very dodgy HTC android one would have the be vetted by MS, and I bet would not be allowed.

Oh great, so now there is an upside to draconian software policys... *Sigh* ...Sometimes I really wish I was smart enough to give-up.
Logged
EĆ³in
Charter Member
***
Posts: 1,400


O'Callaghan

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #8 on: October 03, 2011, 08:03:18 AM »

I do like that MS put major restrictions on the sort of bloat carriers and manufactures love to add. The popularity of installing "stock" android roms show how annoying the custom UIs to some people out there, myself included.

Nonetheless, that MS went the Apple way of only allowing apps be installed through their marketplace is disgraceful. Honestly I don't understand how such practices don't fall foul of of various regulations to support competitiveness.
Logged

Interviewer: Is there anything you don't like?
Bjarne Stroustrup: Marketing hype as a substitute for technical argument. Thoughtless adherence to dogma. Pride in ignorance.
Darwin
Charter Member
***
Posts: 6,979



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #9 on: October 03, 2011, 08:54:42 AM »

There are some advantages to playing in a walled garden... I have all three major mobile OS's, in their latest incarnations, and do like being able to side-load apps on Android. However, a lot of what I AM able to sideload is DROSS. Also, being forced to use the app store or the marketplace makes updates down the road simpler. I have an office suite that I bought for Android via the developer's website rather than the marketplace and the purchase came with dire warnings about NOT updating via the marketplace but from within the suite itself lest my registration details be wipted out (likewise, if purchasing from the marketplace, users are warned not to update from within the suite itself). I don't really want to have to worry about this, but have to...
Logged

"Some people have a way with words, other people,... oh... have not way" - Steve Martin
tranglos
Supporting Member
**
Posts: 1,079



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #10 on: October 03, 2011, 09:36:42 AM »

I like HTC devices, indeed all my smartphones tend to be HTC.

Yeah, it's a common case of YMMV. Sensation looks really great on paper, and pretty good in reviews, but in practice it's just not a good phone. I can understand some bugs in the OS and the attendant software, but the issues I've had really turned me off. At one point it stopped playing text message notification sound and only a hard reset (i.e., wipe all user data) restored it.

USB connection to the 'puter hardly ever works - you connect it and nothing happens, regardless of settings. It takes about two minutes (!) to establish connection, but often it never connects. When it does connect, it resets (crashes) on disconnect. So forget about using it as your primary music player, transferring files is just too annoying.

I live in a busy city, where coverage is perfect. Put the phone on the table, get four bars (max). Pick it up, display drops to 1 (one) bar. Go somewhere less populated, and I have to reach for my old Nokia to make a call.

The Sensation is the first phone I've ever had that drops calls. When it does connect, sound quality is poor, and too often I can only hear every second word that's spoken on the other end.

It's good for browsing the net (but don't hold it in your hand when you do!), but it's a really poor phone. Easily the worst I've ever had.

YMMV.
Logged

Ath
Supporting Member
**
Posts: 2,202



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #11 on: October 03, 2011, 09:53:14 AM »

I live in a busy city, where coverage is perfect. Put the phone on the table, get four bars (max). Pick it up, display drops to 1 (one) bar. Go somewhere less populated, and I have to reach for my old Nokia to make a call.

The Sensation is the first phone I've ever had that drops calls. When it does connect, sound quality is poor, and too often I can only hear every second word that's spoken on the other end.
In such case I'd go back to the shop/service provider, and have the phone replaced, it sounds like it's faulty.
Logged

tranglos
Supporting Member
**
Posts: 1,079



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #12 on: October 03, 2011, 10:07:04 AM »

In such case I'd go back to the shop/service provider, and have the phone replaced, it sounds like it's faulty.

I could only have it serviced under warranty, but it's the design that's faulty. The back metal plate serves as the antenna and it just plain doesn't work.
Logged

Renegade
Charter Member
***
Posts: 11,212



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #13 on: October 03, 2011, 10:08:01 AM »

I have an HTC Desire HD, and so far it's been good. Mind you, I'm on Vodaphone, and they're well known for blowing hard, so I attribute the suckiness in connections to Vodaphone, and not the HTC.

It's not perfect, but so far it's ok.

Mind you, my cheapo Nokia is the best phone for reliability that I've ever had. Awesome battery life. Turned it on after 6 months in storage, and it fired right up.

For the security vulnerability... sigh... I can't say I'm all that surprised.
Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
EĆ³in
Charter Member
***
Posts: 1,400


O'Callaghan

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #14 on: October 05, 2011, 11:03:27 AM »

Here's a followup from HTC

HTC Public Statement:

HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customersā€™ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.
 
HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly.  During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.
Logged

Interviewer: Is there anything you don't like?
Bjarne Stroustrup: Marketing hype as a substitute for technical argument. Thoughtless adherence to dogma. Pride in ignorance.
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #15 on: October 05, 2011, 11:08:41 AM »

A followup that says... pretty much nothing.

Are they going to limit their data collecting to a sane level? Or are they merely going to (attempt to) block 3rd party access to the logs?

It hardly seems like they acknowledge they've been doing anything wrong O_o
Logged

- carpe noctem
Stoic Joker
Honorary Member
**
Posts: 5,218



View Profile WWW Give some DonationCredits to this forum member
« Reply #16 on: October 05, 2011, 11:32:51 AM »

Oh I don't know, I thought this line made their position rather clear:

Quote from: HTC Public Statement
A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws.

Translation: Don't worry kids, it's naughty so no one will actually do it.

Seriously weak stance if I ever saw one..
Logged
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.038s | Server load: 0.1 ]