"I am absolutely aghast appropriate now," begins Artem Russakovskii over at Android Police as he posts about a "massive" aegis blemish in HTC Android accessories that allows awful hackers to admission buzz numbers, GPS, SMS, email addresses and more.
The afflicted accessories cover EVO, 3D, 4G and Thunderbolt and allegedly the blemish goes so abysmal that the guys at Android Police are advertent new issues with anniversary new analysis or examination:
What Trevor begin is alone the tip of the abstract - we are all still digging added - but currently any app on afflicted accessories that requests a individual android.permission.INTERNET (which is accustomed for any app that connects to the web or shows ads) can get its easily on:
- the account of user accounts, including email addresses and accompany cachet for anniversary endure accepted arrangement and GPS locations and a bound antecedent history of locations
- buzz numbers from the buzz log
- SMS data, including buzz numbers and encoded argument (not abiding yet if it's accessible to break it, but actual likely)
- arrangement logs (both kernel/dmesg and app/logcat), which includes aggregate your active apps do and is acceptable to cover email addresses, buzz numbers, and added clandestine info
Even worse, for apps that alone charge one blazon of information, like the Internet permission, this vulnerability still grants admission to added areas of the accessory (like location, logs, even array stats, just to name a few).
Basically, it sounds as if you're application one of these HTC Android devices, you've been walking about with your fly baffled and a big "eff me over" assurance on your back.
The aegis analysis is advancing and we'll amend with any fixes or aegis patches that get issued. The alone way this gets anchored is an amend from HTC itself, says the guys at A.P. [Android Police]
No hay comentarios :