Overclock.net › Forums › Industry News › Hardware News › [NBC]HTC flaw gives hackers easy access
New Posts  All Forums:Forum Nav:

[NBC]HTC flaw gives hackers easy access - Page 4

post #31 of 44
Quote:
Originally Posted by crackzattic View Post
no because the app has to have your permission to be installed on your phone. if you install the app you give it permission to do whatever is listed in the next screen after you click install. this again is a problem but if you download an app you have to read the permissions it requests. you cant stop malware if the end user excepts it. i for one have owned 4 different android phones but i am for a little more app filtering from google's market. they are worried about destroying someone's living by removing console emulators but they allow crappy apps that collect data without screening.
Quote:
Originally Posted by Ecchi-BANZAII!!! View Post
Blame the OS itself.
It only asks if the app will have access to said thing but it doesn't really say WHAT it have access to.
It should state if it needs it to work if it collects it.
Because every frigging app needs internet access to work nowadays...
Jesus christ, does nobody actually dig into a story anymore?

HTC Pushed an application that allows ANY application with internet access to obtain information that it shouldn't have access to.

It isn't the OS, it's HTC. And it isn't the user's fault, because they only gave it internet access [or so they thought].
post #32 of 44
Quote:
Originally Posted by Bluescreen_Of_Death View Post
Jesus christ, does nobody actually dig into a story anymore?

HTC Pushed an application that allows ANY application with internet access to obtain information that it shouldn't have access to.

It isn't the OS, it's HTC. And it isn't the user's fault, because they only gave it internet access [or so they thought].

It's the standard response to the anything that has to do with lackluster security on android.
post #33 of 44
Quote:
Originally Posted by Bluescreen_Of_Death View Post
Jesus christ, does nobody actually dig into a story anymore?

HTC Pushed an application that allows ANY application with internet access to obtain information that it shouldn't have access to.

It isn't the OS, it's HTC. And it isn't the user's fault, because they only gave it internet access [or so they thought].
Nize font size.
You still doesn't realize that HTC ain't the ones that did the Android OS.
Unless HTC will put work work into making it less native Android by adding SPECIFIC info on what the applications uses once you accept that it "access internet"
By access internet it doesn't really say what xxx app does or can do.
example: app1 uses internet solely for ads while,
app2 doesn't have any visual proof what it does with this "internet access", AKA something fishy is going on here...
Kinda like lending your PC to a friend that says he's gonna check his FB, but then without permission starts downloading viruses from obvious infected sources.
This is what I was saying.
Android (Not HTC) has be have more detailed info on what apps REALLY uses and demands to work properly.
Uhh.. Thing
(19 items)
 
TERA
(22 items)
 
 
CPUMotherboardGraphicsRAM
4690K Z97-PRO GAMER ASUS STRIX GTX1070 Corsair Vengeance 
Hard DriveHard DriveHard DriveCooling
Samsung 830 Pro Samsung 850 EVO Samsung 830 Noctua D15 
OSMonitorKeyboardPower
Windows 10 x64 Enterprise ASUS VG248QE QPAD MK-50 EVGA 750W G2 
CaseMouseMouse PadAudio
Fractal Design R5 Logitech G502 Some Steelseries thing SupremeFX -> Pioneer VSX-D711-S 5.1 receiver 
AudioAudioOther
Dali Concept 2+SUB E-12F Focusrite Scarlett Solo Logitech G27 
CPUMotherboardGraphicsGraphics
Intel i7 2700k @ 4.5GHz 1.425v with HT enabled ASUS P8Z77-V Gigabyte GTX670 OC Gigabyte GTX670 OC 
RAMHard DriveHard DriveHard Drive
Corsair Vengeanve LP White 16GB Corsair Force GT 120GB WD RED SOHO 3TB WD RED SOHO 3TB 
Hard DriveHard DriveCoolingCooling
WD BLACK 4TB Seagate 5900 LP 2TB XSPC Raystorm D5 XSPC RX480 w/ GT AP-13 
CoolingOSMonitorKeyboard
XSPC RX360 w/ GT AP-15 Windows 7 Ultimate x64 DELL U3011 Logitech K800 
PowerCaseMouseMouse Pad
Corsair HX1000W Corsair 900D Logitech G500 SARGAS 460 
AudioAudio
Denon AVR-2313 Dali Zensor 7, 5, Vocal 
  hide details  
Reply
Uhh.. Thing
(19 items)
 
TERA
(22 items)
 
 
CPUMotherboardGraphicsRAM
4690K Z97-PRO GAMER ASUS STRIX GTX1070 Corsair Vengeance 
Hard DriveHard DriveHard DriveCooling
Samsung 830 Pro Samsung 850 EVO Samsung 830 Noctua D15 
OSMonitorKeyboardPower
Windows 10 x64 Enterprise ASUS VG248QE QPAD MK-50 EVGA 750W G2 
CaseMouseMouse PadAudio
Fractal Design R5 Logitech G502 Some Steelseries thing SupremeFX -> Pioneer VSX-D711-S 5.1 receiver 
AudioAudioOther
Dali Concept 2+SUB E-12F Focusrite Scarlett Solo Logitech G27 
CPUMotherboardGraphicsGraphics
Intel i7 2700k @ 4.5GHz 1.425v with HT enabled ASUS P8Z77-V Gigabyte GTX670 OC Gigabyte GTX670 OC 
RAMHard DriveHard DriveHard Drive
Corsair Vengeanve LP White 16GB Corsair Force GT 120GB WD RED SOHO 3TB WD RED SOHO 3TB 
Hard DriveHard DriveCoolingCooling
WD BLACK 4TB Seagate 5900 LP 2TB XSPC Raystorm D5 XSPC RX480 w/ GT AP-13 
CoolingOSMonitorKeyboard
XSPC RX360 w/ GT AP-15 Windows 7 Ultimate x64 DELL U3011 Logitech K800 
PowerCaseMouseMouse Pad
Corsair HX1000W Corsair 900D Logitech G500 SARGAS 460 
AudioAudio
Denon AVR-2313 Dali Zensor 7, 5, Vocal 
  hide details  
Reply
post #34 of 44
Quote:
Originally Posted by Ecchi-BANZAII!!! View Post
You still doesn't realize that HTC ain't the ones that did the Android OS.
Unless HTC will put work work into making it less native Android by adding SPECIFIC info on what the applications uses once you accept that it "access internet"

By access internet it doesn't really say what xxx app does or can do.
It is my understanding that applications are normally restricted to the permissions they initially request upon installation. Anything less than that would cause an uproar [and rightly so].

The trouble is that HTC included an application in an update that runs on the phone under the root account and gathers information about the phone. It wouldn't be a big deal if the application required authentication to access the information it gathers, or if you could disable the application.

It's more like having a house with password protected doors. You give someone a password, it only grants them access to certain rooms, but the construction company included a gizmo in the kitchen that lets you get into the rest of the house without the proper password.

It isn't android that's making the mistake, it's HTC forcing an application to the phone.


Quote:
Originally Posted by Ecchi-BANZAII!!! View Post
Android (Not HTC) has be have more detailed info on what apps REALLY uses and demands to work properly.
How would you suggest that do that? They already ask for permission to:

make phone calls
read contacts
access the internet
read phone state
access GPS or network based location
[etc]
post #35 of 44
Fail @HTC I hope they fix this.
My PC
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 4790K - 4.8GHz MSI Z97 Gaming 5 ASUS GTX1080 STRIX OC Corsair Dominator DDR3-2400 
Hard DriveOptical DriveCoolingOS
SanDisk SSD LG Super Blue BD Drive H100i v2 Windows 10 Pro x64 
MonitorKeyboardPowerCase
LG 4K IPS 27" Corsair K65 RGB OCZ Game X Stream 600w Corsair Carbide Air 540 
Mouse
Logitech G502 
  hide details  
Reply
My PC
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 4790K - 4.8GHz MSI Z97 Gaming 5 ASUS GTX1080 STRIX OC Corsair Dominator DDR3-2400 
Hard DriveOptical DriveCoolingOS
SanDisk SSD LG Super Blue BD Drive H100i v2 Windows 10 Pro x64 
MonitorKeyboardPowerCase
LG 4K IPS 27" Corsair K65 RGB OCZ Game X Stream 600w Corsair Carbide Air 540 
Mouse
Logitech G502 
  hide details  
Reply
post #36 of 44
Powered by Linux
Black Dragon
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7 2600k @ 4.3 GHZ ASRock Z68 Extreme3 Gen3 (PCI-E 3.0, USB 3.0, B... EVGA GTX 580 1.5 GB GDDR5 G.SKILL Ripjaws X ( 4 x 2GB) @ 1866 MHZ 8-9-8-2... 
Hard DriveCoolingOSMonitor
OCZ Vertex 3 MAX IOPS 120 GB Firmware 2.21 Noctua NH-D14 Windows 8.1 X64 Alienware Optx AW2310 (1920 x 1080p) 120 HZ 
KeyboardPowerCaseMouse
Comfort Curve Keyboard 2000 Corsair AX850 PLUS GOLD Certified Silverstone FT02B-W Razer Deathadder 3500 DPi 
Mouse Pad
Steel Series QCK+ 
  hide details  
Reply
Black Dragon
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7 2600k @ 4.3 GHZ ASRock Z68 Extreme3 Gen3 (PCI-E 3.0, USB 3.0, B... EVGA GTX 580 1.5 GB GDDR5 G.SKILL Ripjaws X ( 4 x 2GB) @ 1866 MHZ 8-9-8-2... 
Hard DriveCoolingOSMonitor
OCZ Vertex 3 MAX IOPS 120 GB Firmware 2.21 Noctua NH-D14 Windows 8.1 X64 Alienware Optx AW2310 (1920 x 1080p) 120 HZ 
KeyboardPowerCaseMouse
Comfort Curve Keyboard 2000 Corsair AX850 PLUS GOLD Certified Silverstone FT02B-W Razer Deathadder 3500 DPi 
Mouse Pad
Steel Series QCK+ 
  hide details  
Reply
post #37 of 44
Quote:
Originally Posted by Bluescreen_Of_Death View Post
It isn't the OS, it's HTC. And it isn't the user's fault, because they only gave it internet access [or so they thought].
The OS shouldn't let the applications extract this information and send it online somewhere else.

What about the androidvncserver.apk ,that let other user acces remotely to the phone,imagine this information being intercepted by a hacker ,and then your phone being accessed remotely and install keylogger to extract credit card information and so on.

This is a true claim,we are not far from apps installed with user permission.
Edited by Eduardv - 10/5/11 at 2:56pm
Black Dragon
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7 2600k @ 4.3 GHZ ASRock Z68 Extreme3 Gen3 (PCI-E 3.0, USB 3.0, B... EVGA GTX 580 1.5 GB GDDR5 G.SKILL Ripjaws X ( 4 x 2GB) @ 1866 MHZ 8-9-8-2... 
Hard DriveCoolingOSMonitor
OCZ Vertex 3 MAX IOPS 120 GB Firmware 2.21 Noctua NH-D14 Windows 8.1 X64 Alienware Optx AW2310 (1920 x 1080p) 120 HZ 
KeyboardPowerCaseMouse
Comfort Curve Keyboard 2000 Corsair AX850 PLUS GOLD Certified Silverstone FT02B-W Razer Deathadder 3500 DPi 
Mouse Pad
Steel Series QCK+ 
  hide details  
Reply
Black Dragon
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7 2600k @ 4.3 GHZ ASRock Z68 Extreme3 Gen3 (PCI-E 3.0, USB 3.0, B... EVGA GTX 580 1.5 GB GDDR5 G.SKILL Ripjaws X ( 4 x 2GB) @ 1866 MHZ 8-9-8-2... 
Hard DriveCoolingOSMonitor
OCZ Vertex 3 MAX IOPS 120 GB Firmware 2.21 Noctua NH-D14 Windows 8.1 X64 Alienware Optx AW2310 (1920 x 1080p) 120 HZ 
KeyboardPowerCaseMouse
Comfort Curve Keyboard 2000 Corsair AX850 PLUS GOLD Certified Silverstone FT02B-W Razer Deathadder 3500 DPi 
Mouse Pad
Steel Series QCK+ 
  hide details  
Reply
post #38 of 44
Quote:
Originally Posted by Eduardv View Post
The OS shouldn't let the applications extract this information and send it online somewhere else.
What you are requesting to happen is for permissions to be added. Almost like... wait a second, android already has permissions to do exactly that? Amazing.

This issue explicitly has to do with an application that HTC preinstalled on the phones that introduces a vulnerability to the system. Essentially it's automatically granted these permissions (because HTC granted them).

This is not an android security problem, this is installing an app that adds new security holes. Why don't you go complain to Microsoft about how you can install a virus manually and let them laugh you out of the building.
Micro Dance
(8 items)
 
  
CPUMotherboardGraphicsRAM
i7-4790k z97i-plus EVGA GTX980 SC 16GB Team Xtreme 2400 
Hard DriveCoolingOSCase
512GB Samsung SSD 830 NH-L12 Windows 10 EVGA Hadron Air 
  hide details  
Reply
Micro Dance
(8 items)
 
  
CPUMotherboardGraphicsRAM
i7-4790k z97i-plus EVGA GTX980 SC 16GB Team Xtreme 2400 
Hard DriveCoolingOSCase
512GB Samsung SSD 830 NH-L12 Windows 10 EVGA Hadron Air 
  hide details  
Reply
post #39 of 44
Interesting enough my yahoo email account was hacked yesterday. I caught it 5 minutes after phony emails were sent from my account.. My wife got a email from me while were standing face to face talking...

EVO 4G.......... love the phone, hate the open software platform.
My First Build
(15 items)
 
  
CPUMotherboardGraphicsRAM
I7-860 2.8/OC'ed 3.60 FPO/batch # L935B730 Asus P7P55d Evo MSI 580 TF II OC 8 Gig Corsiar DDR3 1600 XMP 
Hard DriveOptical DriveCoolingOS
WD Black 750 Samsung H50, pull/push Win7 Pro 64 
MonitorKeyboardPowerCase
HP 2509B 25" 1920x1080 Steelseries backlit Merc Corsiar TX650 Thermatake V9 Black 
MouseAudio
Rat 7 Asus Xonar DG 
  hide details  
Reply
My First Build
(15 items)
 
  
CPUMotherboardGraphicsRAM
I7-860 2.8/OC'ed 3.60 FPO/batch # L935B730 Asus P7P55d Evo MSI 580 TF II OC 8 Gig Corsiar DDR3 1600 XMP 
Hard DriveOptical DriveCoolingOS
WD Black 750 Samsung H50, pull/push Win7 Pro 64 
MonitorKeyboardPowerCase
HP 2509B 25" 1920x1080 Steelseries backlit Merc Corsiar TX650 Thermatake V9 Black 
MouseAudio
Rat 7 Asus Xonar DG 
  hide details  
Reply
post #40 of 44
Quote:
Originally Posted by Spct View Post
Interesting enough my yahoo email account was hacked yesterday. I caught it 5 minutes after phony emails were sent from my account.. My wife got a email from me while were standing face to face talking...

EVO 4G.......... love the phone, hate the open software platform.
I hated every minute of the EVO4g after loading up 700 contacts, and month of texts and a few apps..

Sorry it was a piece of crap for my usage. I had to delete so many apps! and yes I had app2sd.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Hardware News
Overclock.net › Forums › Industry News › Hardware News › [NBC]HTC flaw gives hackers easy access