Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

HTC America settles FTC charges: failed to secure millions of mobile devices
Posted on 24-Feb-2013 14:08. | Tags Filed under: News.



Mobile device manufacturer HTC America has agreed to settle Federal Trade Commission charges that the company failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.

The settlement requires HTC America to develop and release software patches to fix vulnerabilities found in millions of HTC devices. In addition, the settlement requires HTC America to establish a comprehensive security program designed to address security risks during the development of HTC devices and to undergo independent security assessments every other year for the next 20 years.

HTC America, Inc., develops and manufactures mobile devices based on the Android, Windows Mobile, and Windows Phone operating systems. HTC America has customized the software on these devices in order to differentiate itself from competitors and to comply with the requirements of mobile network operators.

The Commission charged that HTC America failed to employ reasonable and appropriate security practices in the design and customization of the software on its mobile devices. Among other things, the complaint alleged that HTC America failed to provide its engineering staff with adequate security training, failed to review or test the software on its mobile devices for potential security vulnerabilities, failed to follow well-known and commonly accepted secure coding practices, and failed to establish a process for receiving and addressing vulnerability reports from third parties.

To illustrate the consequences of these alleged failures, the FTCís complaint details several vulnerabilities found on HTCís devices, including the insecure implementation of two logging applications - Carrier IQ and HTC Loggers - as well as programming flaws that would allow third-party applications to bypass Androidís permission-based security model.

Due to these vulnerabilities, the FTC charged, millions of HTC devices compromised sensitive device functionality, potentially permitting malicious applications to send text messages, record audio, and even install additional malware onto a consumerís device, all without the userís knowledge or consent. The FTC alleged that malware placed on consumersí devices without their permission could be used to record and transmit information entered into or stored on the device, including, for example, financial account numbers and related access codes or medical information such as text messages received from healthcare providers and calendar entries concerning doctorís appointments. In addition, malicious applications could exploit the vulnerabilities on HTC devices to gain unauthorized access to a variety of other sensitive information, such as the userís geolocation information and the contents of the userís text messages.

Moreover, the complaint alleged that the user manuals for HTC Android-based devices contained deceptive representations, and that the user interface for the companyís Tell HTC application was also deceptive. In both cases, the security vulnerabilities in HTC Android-based devices undermined consent mechanisms that would have otherwise prevented unauthorized access or transmission of sensitive information.

The settlement not only requires the establishment of a comprehensive security program, but also prohibits HTC America from making any false or misleading statements about the security and privacy of consumersí data on HTC devices. HTC America and its network operator partners are also in the process of deploying the security patches required by the settlement to consumersí devices. Many consumers have already received the required security updates. The FTC encourages consumers to apply the updates as soon as possible.


comments powered by Disqus


Trending now »

Hot discussions in our forums right now:

American legal jurisdiction in New Zealand
Created by ajobbins, last reply by ajobbins on 20-Oct-2014 22:53 (22 replies)
Pages... 2


Another Trade Me competitor: SellShed
Created by freitasm, last reply by mattwnz on 20-Oct-2014 15:16 (22 replies)
Pages... 2


Why would Suresignal calls be worse quality than non-Suresignal calls from the same location?
Created by Geektastic, last reply by gzt on 20-Oct-2014 23:43 (39 replies)
Pages... 2 3


Picture resizing on the forum
Created by Jase2985, last reply by freitasm on 18-Oct-2014 13:32 (13 replies)

Internet question...
Created by Geektastic, last reply by Geektastic on 17-Oct-2014 22:59 (40 replies)
Pages... 2 3


Why do people keep thinking National are doing a great job?
Created by sxz, last reply by Geektastic on 20-Oct-2014 23:05 (156 replies)
Pages... 9 10 11


Just bought a TiVo online. No wireless adaptor. Will a standard one work? Or do I need the TiVo one ?
Created by Limerick, last reply by graemeh on 20-Oct-2014 16:03 (11 replies)

iPad Air 2 and iPad Mini 3. Gonna get one?
Created by Dingbatt, last reply by alexx on 20-Oct-2014 13:34 (45 replies)
Pages... 2 3