Multiple HTC mobile phone transfer security vulnerabilities, such as thunder and blot

Security researchers said several HTC Android phones, including Evo 3D, Evo 4g, and Thunderbolt, contain security vulnerabilities, other applications that can automatically connect to the Internet may read personal data, including text messages, local information, emails, and phone numbers.

Three security researchers, including Artem Russakovskii, Justin Case, and Trevor Eckhart, found HTC was in a recent software update, logging tools containing security vulnerabilities are installed on users' mobile phones along with software updates.

HTC Thunderbolt

Russakovskii indicates that the logging tool is usually used to remotely analyze device problems. Currently, they have discovered that the affected mobile phone is installed with an application that can be connected to android. permission. INTERNET. The following information can be obtained:

User Account, including email

The last used network, satellite location, or recent Location Point record

Phone number

SMS information: including phone numbers and encrypted text (not sure whether it can be decoded, but it is highly likely)

System Login (including kernel/dmesg and app/logcat), including all applications used by users, emails, phone numbers, and personal data.

Currently, the only solution is to wait for HTC hotfix or crack the mobile phone to remove the logging tool. He also reminded mobile phone users to be especially careful to avoid downloading suspicious applications.

Russakovskii said that he had responded to HTC about the security vulnerability in September 24. After five working days without receiving a response from HTC, he decided to disclose the vulnerability to the public. HTC is still working on solutions so far, but has not obtained any statement from HTC.

Learn about the affected models, including Evo Shift 4G, MyTouch 4G Slide, coming Vigor, and some Sensations.