A new vulnerability was found in HTC devices — this time, specifically involving HTC handsets equipped with WiMax radios and running on Sprint’s 4G network. Developer TrevE discovered the vulnerability on the 20th and thanks to an agreement he made with HTC, didn’t make the exploit public for a total of 5 days, giving the “Quietly Brilliant” manufacturer time to come up with a fix.
The vulnerability allows for a potentially malicious app to jump onto your WiMax/4G connection and obtain network information or even botch your 4G connection altogether. TrevE even came up with a quick patch as well as a proof of concept app, showing how easy it could be for a would-be hacker to mess with your life. A video of the PoC app in action is provided below.
And now we play the waiting game. HTC recently plugged up one hole in their OTA update that rolled out for all HTC devices on Sprint only a few days ago and now it looks like they’re getting ready to do it all over again. With the ever increasing threat of Android malware on the horizon its nice to know we have a great Android developer community who is on top of issues like this (and keeping OEM’s in check). Thanks, TrevE!