.

Massive Security Vulnerability In HTC Android Devices

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Oct 03, 2011 10:19 am

Massive Security Vulnerability In HTC Android Devices

Posted by Artem Russakovskii of Android Police:


Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More

I am quite speechless right now. Justin Case and I have spent all day together with Trevor Eckhart (you may remember him as TrevE of DamageControl and Virus ROMs) looking into Trev's findings deep inside HTC's latest software installed on such phones as EVO 3D, EVO 4G, Thunderbolt, and others.

These results are not pretty. In fact, they expose such ridiculously frivolous doings, which HTC has no one else to blame but itself, that the data-leaking Skype vulnerability Justin found earlier this year pales in comparison. Without further ado, let me break things down.



For full story:
http://www.androidpolice.com/2011/10/01 ... much-more/

Don
CISSP, MCSE, CSTA, Security+ SME
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Tue Oct 04, 2011 7:34 am

Re: Massive Security Vulnerability In HTC Android Devices

I've talked to 4 different people about this issue and every single one of them felt I was being paranoid. One of them was a security administrator at a local company and the other 3 were fairly technical folks. It boggles the mind.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Thu Oct 06, 2011 8:12 am

Re: Massive Security Vulnerability In HTC Android Devices

Any patches/ updates for this yet?
sectestanalysis.blogspot.com/‎
<<

Darktaurus

User avatar

Full Member
Full Member

Posts: 181

Joined: Thu Sep 03, 2009 8:48 am

Post Thu Oct 06, 2011 3:57 pm

Re: Massive Security Vulnerability In HTC Android Devices

tturner wrote:I've talked to 4 different people about this issue and every single one of them felt I was being paranoid. One of them was a security administrator at a local company and the other 3 were fairly technical folks. It boggles the mind.


Tell them to talk to Jack Mannino.  I was at one of his talks about Android Security.  Wow.  If they are not paranoid after that, there is no hope.



http://www.slideshare.net/JackMannino/s ... m-security

http://jack-mannino.blogspot.com/2010/0 ... s-101.html
OSCE, OSCP, OSWP, CISSP, GPEN

www.agoonie.com

Return to Mobile

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software