Sunday, October 16, 2011

HTC Security OTA Appearing On European Sensations [Update: And Now The GSM EVO 3D, Too]


It's been eleven days since Android Police published this story detailing the discovery by Trevor Eckhart of some serious security issues within HTC's more recent software. Three days after that HTC responded, and now, a further week or so later, we are seeing reports of an "important security update" being pushed to HTC Sensations throughout Europe.
image
Screencap by FG1234 of Android-Hilfe.de
While HTC does not specify exactly what the ~9 MB update addresses, the timing seems right to relate to the preceding story. Besides alluding to some positive-sounding "performance improvements and new features", the update description does not mention any further details, and HTC certainly doesn't dwell on the nature of the security update itself.
The OTA version is 1.45.401.3, and may be polled for by prompting your system to check for an update in the phone settings. A full release log has yet to be found, so we can only presume that it deals with the vulnerability previously reported.


Update Oct. 15th: TrevE has done some digging in the subsequent EVO 3D update (GSM model - no sign of it on Sprint yet), and has extracted the "security update" routine. As you can see in the code below, it essentially deletes the contentious logging files once and for all.
ui_print("Deleting specific files...");
delete_recursive("/data/data/com.htc.loggers/",
"/sdcard/htclog/");
....
"/system/app/HtcLoggers.apk", "/system/app/HtcLoggers.odex",
"/system/app/NetLogger.apk", "/system/app/NetLogger.odex",
"/system/app/QXDM2SD.apk", "/system/app/QXDM2SD.odex",
"/system/bin/androidvncserver", "/system/bin/usbnet",
"/system/lib/libhtc_loggers.so", "/system/lib/libhtc_netlogger.so",
"/system/lib/libhtcqxdm2sd.so",
Source: XDA-Developers, Android-Hilfe.de

0 comments:

Post a Comment

Share Your Views Here