|USA Edition||Today Is Monday December 9th, 2013|
|We know now that Government by organized money is just as dangerous as Government by organized mob - Franklin Delano Roosevelt|
|Governor Jerome H. Powell On Great Recession Monetary Policy||Browse All Content||U.S. Africa Command Deploys Drone Resources To Niger In Support Of Mali Operations|
|Previous In Section||Browse
Federal Trade Commission Section
|Next In Section|
… HTC America failed to employ reasonable and appropriate security practices in the design and customization of the software on its mobile devices.
HTC America Settles FTC Charges It Failed To Secure Millions Of Mobile Devices Shipped To Consumers
Company Required to Patch Vulnerabilities on Smartphones and Tablets
February 22, 2013
Mobile device manufacturer HTC America has agreed to settle Federal Trade Commission charges that the company failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.
The settlement requires HTC America to develop and release software patches to fix vulnerabilities found in millions of HTC devices. In addition, the settlement requires HTC America to establish a comprehensive security program designed to address security risks during the development of HTC devices and to undergo independent security assessments every other year for the next 20 years.
HTC America, Inc., a leading mobile device manufacturer in the United States, develops and manufactures mobile devices based on the Android, Windows Mobile, and Windows Phone operating systems. HTC America has customized the software on these devices in order to differentiate itself from competitors and to comply with the requirements of mobile network operators.
The Commission charged that HTC America failed to employ reasonable and appropriate security practices in the design and customization of the software on its mobile devices. Among other things, the complaint alleged that HTC America failed to provide its engineering staff with adequate security training, failed to review or test the software on its mobile devices for potential security vulnerabilities, failed to follow well-known and commonly accepted secure coding practices, and failed to establish a process for receiving and addressing vulnerability reports from third parties.
To illustrate the consequences of these alleged failures, the FTC’s complaint details several vulnerabilities found on HTC’s devices, including the insecure implementation of two logging applications – Carrier IQ and HTC Loggers – as well as programming flaws that would allow third-party applications to bypass Android’s permission-based security model.
Due to these vulnerabilities, the FTC charged, millions of HTC devices compromised sensitive device functionality, potentially permitting malicious applications to send text messages, record audio, and even install additional malware onto a consumer’s device, all without the user’s knowledge or consent. The FTC alleged that malware placed on consumers’ devices without their permission could be used to record and transmit information entered into or stored on the device, including, for example, financial account numbers and related access codes or medical information such as text messages received from healthcare providers and calendar entries concerning doctor’s appointments. In addition, malicious applications could exploit the vulnerabilities on HTC devices to gain unauthorized access to a variety of other sensitive information, such as the user’s geolocation information and the contents of the user’s text messages.
Moreover, the complaint alleged that the user manuals for HTC Android-based devices contained deceptive representations, and that the user interface for the company’s Tell HTC application was also deceptive. In both cases, the security vulnerabilities in HTC Android-based devices undermined consent mechanisms that would have otherwise prevented unauthorized access or transmission of sensitive information.
The settlement not only requires the establishment of a comprehensive security program, but also prohibits HTC America from making any false or misleading statements about the security and privacy of consumers’ data on HTC devices. HTC America and its network operator partners are also in the process of deploying the security patches required by the settlement to consumers’ devices. Many consumers have already received the required security updates. The FTC encourages consumers to apply the updates as soon as possible.
The settlement with HTC America is part of the FTC’s ongoing effort to ensure that companies secure the software and devices that they ship to consumers. Earlier this month, the FTC introduced Mobile App Developers: Start with Security, a new business guide that encourages app developers to aim for reasonable data security. In addition, on June 4, 2013, the Commission will host a public forum on malware and other mobile security threats in order to examine the security of existing and developing mobile technologies and the roles that various members of the mobile ecosystem can play in protecting consumers.
Source: Federal Trade Commission
|Governance & Privacy|
|International Monetary Fund||Federal Reserve||European Central Bank||United Nations|
|Justice Department||State Department||Defense Department||Treasury Department||Transportation Department||Homeland Security Department||Commerce Department||Energy Department||Interior Department||Securities & Exchange Commission||Federal Trade Commission||National Institutes Of Health|
Seeing Is Believing
Thinking & AnalysisCritical Thinking
U.S. MilitaryAir Force
Legal & CourtsFederal Courts
Judgments & Opinions
House Of Representatives
Library Of Congress
United States Senate
HumanitiesBusiness Of Life
The Human Condition
OpinionCivility & Values
Conversations With America
Food For Thought
Contact UsOffer A Comment
Letters To The Editor
About UsAsk Newsroom
Errors & Omissions
Standards & PracticesCode Of Ethics
Government, Institutional And Commercial News Standards
Newsroom Magazine Founding Contributors
Newsroom Magazine USA Edition | Copyright © 2006 - 2013 Newsroom Publishing, Inc. | All Rights Reserved
Newsroom Magazine Is Powered By YourColo Data Power Station Servers
Newsroom Publishing Content Access Monitored By Tracker CMS Metrics
Data Power Station Load When This Page Was Delivered Was 10.42 % Of Allocated Power Station Capacity
SQL Queries For This Page = 166
Page Generation Time = 879 milliseconds