AndroidGood and EVO

Even more security issues found on HTC EVO 4G

Evo4gIn the wake of the recent Carrier IQ scandal, researchers at North Carolina State University have uncovered a significant amount of vulnerabilities on the HTC EVO 4G that could be used by untrusted applications to send text messages, record phone calls, or even wipe all of the data from the phone without the owner's permission.

The study looked at eight phones total:  the HTC Legend, EVO 4G, and Wildfire S; the Motorola Droid and Droid X; the Samsung Epic 4G; and the Google Nexus One and Nexus S. They used a software tool that they developed to analyze each application that comes pre-loaded on the phone looking for "capability leaks" – basically, system privileges that are left open for other malicious apps to take advantage of without requesting this privilege from the user.

Who was the worst offender of these eight devices? The EVO 4G, with eight total "explicit" capability leaks, which allow malicious applications to exploit services that have been requested by another app without asking for permission.

What's the scariest part? The researchers were only looking at vulnerabilities caused by apps that are already installed. These pre-installed apps often cannot be uninstalled without rooting, and they didn't even attempt to make a similar study of other apps that can be downloaded through the Android Market or Amazon Appstore. However, it should be noted that there are no known cases of these exploits actually affecting end users, but right now the potential is there.

So now, it's time to play the waiting game to see how HTC and Sprint will respond to the latest in what is becoming quite a long line of security SNAFUs.

[Ars Technica]
Pocketables does not accept targeted advertising, phony guest posts, paid reviews, etc. Help us keep this way with support on Patreon!
Become a patron at Patreon!

John F

John was the editor-in-chief at Pocketables. His articles generally focus on all things Google, including Chrome and Android, although his love of new gadgets and technology doesn't stop there. His current arsenal includes the Nexus 6 by Motorola, the 2013 Nexus 7 by ASUS, the Nexus 9 by HTC, the LG G Watch, and the Chromebook Pixel, among others.

Avatar of John F

2 thoughts on “Even more security issues found on HTC EVO 4G

  • Avatar of Chris H

    Wait, record calls?! Why is it so hard to find a legit app that will do a decent job of that, but malicious ones, no problem?!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *