According to a trio of security researchers, information such as text message data, location info, e-mail addresses, and phone numbers are accessable to Internet-connected apps installed on the HTC Evo 3d, the Evo 4G and the Thunderbolt!
Researcher Artem Russakovskii says that he, Justin Case, and Trevor Eckhart have discovered a vulnerability which involves logging tools recently installed on the devices during a software update.
- “the list of user accounts, including email addresses…
- last known network and GPS locations and a limited previous history of locations
- phone numbers from the phone log
- SMS data, including phone numbers and encoded text (not sure yet if it’s possible to decode it, but very likely)
- system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info”
According to Russakovskii, the only way users can address the issue is to wait for a fix from HTC or to Jailbreak their phone and remove the logging tools. He also advises users of the devices to be especially vigilant about downloading suspicious apps.
Vulnerable devices, according to Russakovskii, may also include the Evo Shift 4G, the MyTouch 4G Slide, the upcoming Vigor, some Sensations, and “most likely others.”
Russakovskii says, “It’s like leaving your keys under the mat and expecting nobody who finds them to unlock the door,”. Read his full post here.
No related posts.