Mobile device manufacturer HTC America has agreed to settle charges that it failed to patch a security vulnerability on its smartphones and tablet computers.
These failures introduced security flaws that placed sensitive information about millions of consumers at risk. The flaw was first discovered by a developer in 2011.
The settlement with the Federal Trade Commission requires HTC America to develop and release software patches to fix vulnerabilities found in millions of HTC devices, as well as establish a comprehensive security program designed to address security risks during the development of HTC devices. The company also agreed to independent security assessments every other year for the next 20 years.
HTC’s mobile devices are based on the Android, Windows Mobile, and Windows Phone operating systems.
The vulnerabilities allowed malicious applications to send text messages, record audio, and even install additional malware onto a consumer’s device, all without the user’s knowledge or consent.
Malware placed on consumers’ devices without their permission could be used to record and transmit information entered into or stored on the device (i.e., financial account numbers).