egzthunder1 · Oct 4, 2011 at 06:49 am

Official Announcement By HTC Regarding Security Vulnerability

It is quite impressive what the power of a single individual can amount to these days. We have been in touch with HTC regarding this security issue (since the beginning), which we officially announced last Friday. We tried to tell them that something wasn’t right with the whole concept of apps mining for data and sending it to a cloud. Well, after last week’s proof of concept released by XDA Recognized Developer TrevE, HTC decided that it was time to let their engineering teams take action. The outcome? People from both HTC in Taiwan and in North America are scrambling to put out security patches to prevent these exploits from being used. According to HTC, they should be rolling out OTA updates once the patches have made it through their testing QA as well as through the carriers.

We are certainly happy that they finally decided to take this with the degree of severity it actually has. The exploit is rather dangerous as virtually every single bit of information in the device is at risk. As it is customary, HTC has put out an official statement where they are letting people know of what we have talked about so far.

It would just be fair to remind HTC that they should not rest after this one is over and done for various reasons. The first one is because there are other confirmed exploits that we will release soon, which they will have to pay attention to. The other is because they need to up their efforts in the QA department a bit. The key to success in this world is constant innovation, and you guys are doing a good job so far, but as stated, you need to do a bit better.

Our community is willing to work with you as you have already seen for the last few weeks. This is not a matter of simply pointing fingers or kicking the giant when its down, this is something that affects the vast majority of us at XDA and as such we just want to point out things so that you take action. There will be other times for us to bash you (like blogs across the web have done), but this is not one of them. This is a very serious issue and with everyone being on the same page working together to find a solution, everyone will benefit from the outcome.

HTC Public Statement:

HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.

 

HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly.  During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.

 

Want something published in the Portal? Contact any News Writer.


_________
Want something on the XDA Portal? Send us a tip!
TAGS:

egzthunder1

egzthunder1 is an editor on XDA-Developers, the largest community for Android users. I have been an active member of xda-developers since 2005 and have gone through various roles in my time here. I am Former Portal Administrator, and currently part of the administrator team while maintaining my writer status for the portal. In real life, I am a Chemical Engineer turned Realtor in the Miami area. View egzthunder1's posts and articles here.
Mario Tomás Serrafero · May 25, 2015 at 02:00 pm · 2 comments

XDA Office Space: Frankenstein’s Perfect IM Client?

The portal’s decentralized XDA office lies in a Hangouts chatroom, where we discuss the latest developments that hit the blogosphere, critique them and figure out what we can do to add a new or original point of view. We came to love this little virtual office, which sees messaging 24/7 due to the international nature of our team. The main problem that we have faced since early on is that Hangouts is not versatile enough for in-depth discussion.   What...

XDA NEWS
Emil Kako · May 25, 2015 at 12:32 pm · 4 comments

Which IM Client on Android is best?

With so many different messengers to choose from, it can be tough to find the best one for you and your friends to use. Hangouts, Whatsapp, Telegram and more are all battling it out for the number one spot. Let us know which IM client you think is best on Android and why.

DISCUSS
Jimmy McGee · May 25, 2015 at 12:00 pm · 2 comments

Android Factory Reset Security Flaw and More – XDA TV

Nvidia is releasing a 500Gb SHIELD TV Pro! That and much more news is covered by Jordan when he reviews all the important stories from this weekend. Included in this weekend's news is the announcement of an Android factory reset security flaw and be sure to check out the article talking about the Nexus Player getting TWRP. That's not all that's covered in today's video! Jordan covered the LG G4 First Impressions and Unboxing video from TK released this weekend...

XDA NEWS
Share This