Oct 04 AT 8:24 AM Nick Gray 10 Comments

HTC acknowledges security vulnerability, patch already in development

htc_vulnetability

As promised, HTC has looked into the security vulnerability created by the HTCLogger app on newer devices and has released an official statement. HTC confirms there is an issue present that can be exploited by malicious third-party applications. A security update for affected devices is already being worked on. Once the patch is complete, HTC will push it out via OTA update after a short testing period with various service providers.

There is currently no evidence that any of the information stored by the HTCLogger app has been accessed by third-party applications, but HTC does “strongly urge” its customers to use caution when downloading and installing new applications from untrusted sources.

We don’t know how long HTC’s patch will take to develop, but we will keep you updated with any new information that we come across. How do you feel about HTC’s response and reaction time to this vulnerability? If you had to give them a score between 1 and 10, what would it be?

Show Press Release
HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.

HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.

Nick is a tech enthusiast who has a soft spot for HTC and its devices. He started HTCsource.com (the first HTC blog) back in 2007 and later joined the Android and Me family in the summer of 2010.

    Most Tweeted This Week

  • Noel

    Got a patch from HTC about an hour ago

    • DROID Sam

      can you share any more details. Build number, phone, carrier? I know HTC is one of the best at sending out updates, but I doubt they have a fix going out that quickly.

  • BiGMERF

    Lets hope it is not to long

  • Panatella

    Good thing they react quite quick.
    But one thing i don’t get is the fact that the logs are unencrypted and in just plain text, how can they miss this?
    It’s a good thing its getting fixed, but with a pressrelease like this, i feel like HTC is just playing innocent.

  • Richard Yarrell

    Hidden due to low comment rating. Click here to see.

  • http://htcsource.com Nick Gray

    I say HTC gets score of 7/10. Their initial response was a little slow, but it looks like they are going to have this fixed within a few weeks. HTC could improve their score if they roll out the patch by the end of this week, but that’s a near impossibility.

  • Richard Yarrell

    Hidden due to low comment rating. Click here to see.

    • squiddy20

      Ummmm Windows isn’t open source and you have to be careful (or rather, not be a complete idiot like yourself) about what you download/use. I think the “moral” you were looking for is something along the lines of “don’t be an ignorant moron”. You don’t need antivirus crap on your phone or computer if you just pay attention to what you’re doing. Is it really so hard to use common sense?

  • DROID Sam

    Any updates from HTC on this issue?

  1. NoelGuest 3 years ago

    Got a patch from HTC about an hour ago

  2. Lets hope it is not to long

  3. Good thing they react quite quick.
    But one thing i don’t get is the fact that the logs are unencrypted and in just plain text, how can they miss this?
    It’s a good thing its getting fixed, but with a pressrelease like this, i feel like HTC is just playing innocent.

  4. Richard YarrellGuest 3 years ago

    Hidden due to low comment rating. Click here to see.

  5. I say HTC gets score of 7/10. Their initial response was a little slow, but it looks like they are going to have this fixed within a few weeks. HTC could improve their score if they roll out the patch by the end of this week, but that’s a near impossibility.

  6. Hidden due to low comment rating. Click here to see.

    • squiddy20Guest 3 years ago

      Ummmm Windows isn’t open source and you have to be careful (or rather, not be a complete idiot like yourself) about what you download/use. I think the “moral” you were looking for is something along the lines of “don’t be an ignorant moron”. You don’t need antivirus crap on your phone or computer if you just pay attention to what you’re doing. Is it really so hard to use common sense?

  7. DROID SamGuest 3 years ago

    Any updates from HTC on this issue?