Articles Tagged:

Trevor Eckhart

4 articles
...

Carrier IQ Drops Legal Threats, Apologizes To Developer Trevor Eckhart

Trevor Eckhart, a developer involved in uncovering a huge security vulnerability that affected several HTC devices, was recently threatened by Carrier IQ (CIQ), a company involved in gathering various forms of user data and sending it to carriers or manufacturers for analysis. For those who haven't  been following the story, here's what happened:

Trevor Eckhart found several training manuals on CIQ's website. These were publicly available. Trevor shared them with the community, explaining just how far-reaching CIQ's data collection practices are. At this point, CIQ became aware of the fact that sensitive information had been exposed, and pulled the files from their website.

Read More
...

HTC Security OTA Appearing On European Sensations [Update: And Now The GSM EVO 3D, Too]

Originally Posted October 12th.

It's been eleven days since Android Police published this story detailing the discovery by Trevor Eckhart of some serious security issues within HTC's more recent software. Three days after that HTC responded, and now, a further week or so later, we are seeing reports of an "important security update" being pushed to HTC Sensations throughout Europe.

image

Screencap by FG1234 of Android-Hilfe.de

While HTC does not specify exactly what the ~9 MB update addresses, the timing seems right to relate to the preceding story. Besides alluding to some positive-sounding "performance improvements and new features", the update description does not mention any further details, and HTC certainly doesn't dwell on the nature of the security update itself.

Read More
...

HTC Acknowledges Data-Exposing Vulnerability In Some Devices, Promises Over-The-Air Patch Shortly

HTC acknowledged the vulnerability in some of its devices that Android Police together with Trevor Eckhart posted Saturday night. The privilege escalation vulnerability currently allows a potentially malicious app that uses only the INTERNET permission to connect to HTC's HtcLoggers service and get access to data far exceeding its access rights. This data includes call history, the list of user accounts, including email addresses, SMS data, system logs, GPS data, and more.

HTC added that a software fix is already in the works and will be pushed to affected devices following a brief testing period (hopefully carriers won't end up delaying the OTA roll-out too much due to additional testing and bureaucracies).

Read More
...

Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More

I am quite speechless right now. Justin Case and I have spent all day together with Trevor Eckhart (you may remember him as TrevE of DamageControl and Virus ROMs) looking into Trev's findings deep inside HTC's latest software installed on such phones as EVO 3D, EVO 4G, Thunderbolt, and others.

These results are not pretty. In fact, they expose such ridiculously frivolous doings, which HTC has no one else to blame but itself, that the data-leaking Skype vulnerability Justin found earlier this year pales in comparison. Without further ado, let me break things down.

The Vulnerability

Update 10/4/11: HTC posted a public response promising a patch.
Read More
Quantcast