by Staff Writers
Washington (AFP) Feb 22, 2013
Taiwan-based electronics maker HTC settled charges with US regulators that it failed to provide adequate security for smartphones and tablet computers sold to Americans, officials said Friday.
The Federal Trade Commission said HTC agreed "to develop and release software patches to fix vulnerabilities found in millions of HTC devices."
No financial penalty against the company was announced.
The FTC said it investigated allegations that HTC "failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk."
The settlement requires HTC America "to establish a comprehensive security program designed to address security risks during the development of HTC devices and to undergo independent security assessments every other year for the next 20 years," the statement said.
An FTC complaint filed at the same time as the settlement said HTC, which makes devices using both Microsoft Windows and the Google Android operating systems, made modifications to software which sacrificed security.
In some instances, the complaint said, HTC "undermined the Android operating system's permission-based security model."
The flaws could allow hackers to introduce malware which could "surreptitiously record phone conversations or other sensitive audio, to surreptitiously track a user's physical location, and to perpetrate 'toll fraud,'" a practice of sending text messages in order to collect fees, the FTC said.
The FTC said that malware could also be used to steal financial account numbers or medical information stored on the devices.
Microsoft added to hacker hit list
"As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion," Trustworthy Computing team general manager Matt Thomlinson said in a blog post.
"During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations."
There was no evidence customer data was stolen but an investigation into the attack was continuing, according to Thomlinson.
"This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries," he said.
Apple said Tuesday that hackers invaded its system in an attack similar to one recently carried out against Facebook, but that it repelled the intruders before its data was plundered.
The maker of iPhones, iPads, iPods and Macintosh computers said it was working with law enforcement officials to hunt down the hackers, who appeared tied to a series of recent cyber attacks on US technology firms.
"The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers," Apple told AFP.
The malicious software, or malware, took advantage of a vulnerability in a Java program used as a "plug-in" for Web-browsing programs.
A "small number" of computer systems at Apple were infected but they were isolated from the main network, according to the Silicon Valley-based company.
"There is no evidence that any data left Apple," Apple said.
Word of hackers hitting Apple came just days after leading social network Facebook said it was "targeted in a sophisticated attack" last month, but that no user data was compromised.
Facebook said malware that infected some of its machines came from a mobile developer website that had been booby-trapped.
Early this month, Twitter said it was hammered by a cyberattack similar to those that recently hit major Western news outlets, and that the passwords of about 250,000 users were stolen.
While those behind the attacks had yet to be identified, computer security industry specialists have expressed suspicions about China-sponsored hackers and Eastern European crime gangs.