25 Feb 2013
More than 18 million users of smartphones and other mobile devices made by HTC are vulnerable to cyber-attacks, according to the Federal Trade Commission. The regulator charged the mobile developer for customizing its Android- and Windows-based phones in ways that allow cyber-criminals to install dangerous software and steal users’ personal details.
The FTC identified several flaws in HTC software, including insecure implementation of two logging applications, and programming vulnerabilities that let third-party Android apps escape the permission-based filter.
“Because of the potential exposure of sensitive information and sensitive device functionality through the security vulnerabilities in HTC mobile devices, consumers are at risk of financial and physical injury and other harm,” FTC representatives said. “Sensitive information exposed on the devices could be used, for example, to target spear-phishing campaigns, physically track or stalk individuals, and perpetrate fraud, resulting in costly bills to the consumer.”
The dangerous applications can also send text messages, record audio, browse history and access information such as credit card numbers and banking transactions.
HTC agreed to develop and release software patches to fix the vulnerabilities.