Taiwan-based electronics maker HTC settled charges with US regulators
that it failed to provide adequate security for smartphones and tablet
computers sold to Americans, officials said Friday.
The Federal Trade
Commission said HTC agreed "to develop and release software patches to
fix vulnerabilities found in millions of HTC devices."
No financial penalty against the company was announced.
The
FTC said it investigated allegations that HTC "failed to take
reasonable steps to secure the software it developed for its smartphones
and tablet computers, introducing security flaws that placed sensitive
information about millions of consumers at risk."
The settlement
requires HTC America "to establish a comprehensive security program
designed to address security risks during the development of HTC devices
and to undergo independent security assessments every other year for
the next 20 years," the statement said.
An FTC complaint filed at
the same time as the settlement said HTC, which makes devices using both
Microsoft Windows and the Google Android operating systems, made
modifications to software which sacrificed security.
In some instances, the complaint said, HTC "undermined the Android operating system's permission-based security model."
The
flaws could allow hackers to introduce malware which could
"surreptitiously record phone conversations or other sensitive audio, to
surreptitiously track a user's physical location, and to perpetrate
'toll fraud,'" a practice of sending text messages in order to collect
fees, the FTC said.
The FTC said that malware could also be used to steal financial account numbers or medical information stored on the devices.