MWR InfoSecurity, a security firm revealed that a HTC smartphone can be used as a remote bugging device. Revealing its findings at Black Hat Security Conference in Dubai, MWR’ Nils said that mobile phone users globally are open to exactly the same risks as a user of a poorly secured desktop computer and the more it was testing devices, the more security flaws it was finding.
MWR didn’t reveal which HTC device is vulnerable and how the security flaw could be harnessed by hackers.
”A user would never know that every word they were saying was being recorded and transmitted back to the attacker and the attack (once executed) would be trivial to perform,” he said.
In August, MWR revealed that the Palm Pre could also act as a remote bug, with a specially crafted message all that was required to completely compromise the phone’s operating system. The firm also pointed out a vulnerability in Google’s Android platform that allowed login credentials and cookies to be stolen.
Nils pointed the finger of blame for mobile security flaws at both manufacturers and mobile carriers.