T-Mobile HTC One M8 Gets Selfie-Friendly Android 4.4.4 OTA

The T-Mobie variant of HTC One (M8) just now received an over-the-air update … more

Android L is for Lockdown

Root is, without a doubt, the (un)holy grail of the Android world. Those wonderful permissions that allow you as … more

XDA Xposed Tuesday: XHangouts Will Improve Your Hangouts

Ever since Google started supporting text messaging in Hangouts many people have … more

Shattered Screen? Turn Your Broken Device into a Complete Media Center!

A cracked screen usually means you’ll have to spend a hefty … more
Thread Closed

HTC Peep

OP egzthunder1

4th February 2011, 09:23 PM   |  #1  
egzthunder1's Avatar
OP Member Advocate Admin - Spirit of XDA
Flag At The Good End Of My Hammer, Likes: My Family & XDA, Dislikes: Incompetence
Thanks Meter: 4,998
 
18,520 posts
Join Date:Joined: Jul 2005
More
Seems that HTC is finally acknowledging Peep's vulnerabilities and while not publicly releasing an update, they will send it out to people who request it...

http://blog.taddong.com/2011/02/vuln...p-twitter.html
The Following User Says Thank You to egzthunder1 For This Useful Post: [ View ]
4th February 2011, 11:13 PM   |  #2  
cajunflavoredbob's Avatar
Senior Member
Flag Your Basement
Thanks Meter: 6,809
 
9,605 posts
Join Date:Joined: May 2010
More
It's about time they got a fix out for it!

By the way, the Tweet for @xdadevelopers went out saying this was for Android users, instead of Windows Mobile users.
4th February 2011, 11:49 PM   |  #3  
orb3000's Avatar
XDA Portal Team / Senior Moderator
Flag T r a v e l i n g Likes: HTC & XDA Dislikes: apples...
Thanks Meter: 3,040
 
22,287 posts
Join Date:Joined: Feb 2007
Donate to Me
We have published an article regarding this situation on our Portal

http://www.xda-developers.com/androi...bility-update/
5th February 2011, 01:32 AM   |  #4  
BrotherG's Avatar
Senior Member
Thanks Meter: 14
 
178 posts
Join Date:Joined: Aug 2007
How did you find the vulnerability, is there a packet analyzing tool for android?
5th February 2011, 02:27 AM   |  #5  
cajunflavoredbob's Avatar
Senior Member
Flag Your Basement
Thanks Meter: 6,809
 
9,605 posts
Join Date:Joined: May 2010
More
No luck
I just received a response from HTC saying they have no idea what I'm talking about. I just sent them back a response with the linked article. Hopefully someone can get the update from them and post it here so we don't have to deal with them at all.
5th February 2011, 07:28 AM   |  #6  
Lothaen's Avatar
Senior Member
Thanks Meter: 407
 
4,005 posts
Join Date:Joined: Jun 2010
More
So is this Windows mobile only, or Android too?

Sent from my HTC Desire using XDA App
5th February 2011, 07:30 AM   |  #7  
cajunflavoredbob's Avatar
Senior Member
Flag Your Basement
Thanks Meter: 6,809
 
9,605 posts
Join Date:Joined: May 2010
More
Quote:
Originally Posted by Lothaen

So is this Windows mobile only, or Android too?

Sent from my HTC Desire using XDA App

I don't think Android uses Peep in its interface for Sense. I'm not 100% positive on that, but I know we've had an issue with this for WM for about five or six months now.
5th February 2011, 04:39 PM   |  #8  
cajunflavoredbob's Avatar
Senior Member
Flag Your Basement
Thanks Meter: 6,809
 
9,605 posts
Join Date:Joined: May 2010
More
In trying to get a hold of this update, here are my responses from HTC so far for anyone interested.

Quote:
Originally Posted by Me

I just heard about the update to HTC Peep for Windows mobile users. I have an AT&T Tilt2 with Sense loaded on it. I was hoping you guys could send me the Peep update so I could use that tab again without worrying.

Quote:
Originally Posted by Kathleen

I understand how important it is for you to be able to update your Peep application. Unfortunately, we are not aware of an update for the Peep application. I have looked for the update and it is nowhere to be found. You will need to keep an eye on http://www.htc.com/us/support/tilt-2-att/downloads/ for updates for your device.

Quote:
Originally Posted by Me

I read about the security flaw in the HTC Peep tab back in August and never used it because of this. The Peep application discloses the username and password via a HTTP OAuth-related request during the initial sign in to anyone eavesdropping on the connection. It also exposes the username and password after the connection is established by having all of the requests from the mobile device to the Twitter service use a HTTP Basic authentication header even though the app is supposed to be using OAuth. For more information, please refer to this article: http://blog.taddong.com/2011/02/vuln...p-twitter.html

Quote:
Originally Posted by Lindsay

We have not made an official update, any updates found on 3rd Party websites are up to you to do the research and download yourself. Just know these updates are considered rooting on your Tilt 2, so make sure before you update you do the research.

Quote:
Originally Posted by Me

Then when will the update be made public? It is kind of a pain that I've waited for six months now to use a feature of this device because of a security issue. Also, how would this be considered rooting since I'm not using an Android device? Windows Mobile users have administrator-like privileges by default in this operating system. There is no such thing as rooting on a Windows Mobile device.

Quote:
Originally Posted by Lindsay

If you re-write the ROM it is considered rooting. If you can add any applications to the SD Card and install it to the device, that is not rooting. We do not have any information on any updates available for your device at this time. I apologize that we do not have any updates for HTC Peep.

Quote:
Originally Posted by Me

I don't mean to sound insulting, but rooting is not the same as flashing a custom ROM. Rooting is gaining root-level administrator privileges on a Linux based operating system. Windows Mobile provides this access to the user by default. There is no other setting for this. Android, being a Linux based distro, does not come with root privileges installed to protect itself from users inadvertently messing around with things they shouldn't. It is the same thing on desktop operating systems like Ubuntu, Fedora, and the like. Rooting is completely different from flashing a custom ROM, as you are suggesting. Either way, an updated Sense tab using HTTPS, as it originally should have done, would be as simple as installing a *.cab file. My question, then, becomes to whom should I address this issue to get further support should I decide to call about it with the information I have?

Quote:
Originally Posted by Lindsay

The fact is we do not have an update for your device at this time. I apologize for this, but at this time we do not have any updates.

Quote:
Originally Posted by Me

Yes, you mentioned that. I asked whom I should voice my concerns with since this is the case. I understand that you don't have any information to offer me. I wasn't questioning that. I would simply like to know where I should go from here as there has been a serious security flaw in this device for quite some time. I do not mean to insult you, if I have done so, and apologize if I have, but I want this matter resolved once and for all. Obviously, the users are not allowed to modify the HTC Sense code or this would have been resolved some time ago. If some users were allowed the Peep source code, this could be rectified very quickly with the SenseSDK, but as that isn't an option, I, and several others, look to HTC to provide support for their product and software. If it is simply a problem of my device becoming outdated, then the HTC HD2 (Leo_512, Leo_1024) has the same problem on the latest ROM image as well.

Quote:
Originally Posted by Lindsay

I have sent the forum you sent me to the appropriate department for review. If you would like to troublahoot you device I would be glad to further assist you, but at this time this email will need to be closed if there is no troubleshooting to be done on your device. Again, I have sent the forum to the appropriate department.

THREAD CLOSED

It doesn't look like HTC is playing ball here. I'm going to continue to try to figure this out as I would love to actually be able to use the Twitter tab for a change. I never really used it because of the security flaw that was found.
Last edited by cajunflavoredbob; 5th February 2011 at 08:11 PM.
6th February 2011, 12:47 AM   |  #9  
reverepats's Avatar
Recognized Themer
Flag Boston,MA
Thanks Meter: 5,273
 
6,404 posts
Join Date:Joined: Dec 2010
Donate to Me
More
i contected taddong and they told me
yeah they told me they had no idea what i was talking about....i contacted "tadong" and they told me to sedn the link from there site regarding the issue to HTC and he would handle them if they wanted more info on it...i guess we'll see what happens

















It doesn't look like HTC is playing ball here. I'm going to continue to try to figure this out as I would love to actually be able to use the Twitter tab for a change. I never really used it because of the security flaw that was found.[/QUOTE]
6th February 2011, 06:26 AM   |  #10  
xfullmetal17's Avatar
Senior Member
Thanks Meter: 45
 
598 posts
Join Date:Joined: Jan 2011
Donate to Me
More
Uh... "If you can add any applications to the SD Card and install it to the device, that is not rooting."

Under that logic, if unrevoked forever ever releases a .apk to turn S-OFF, does that imply that merely doing that to get root access isn't rooting?

edit: this is what happens when companies aren't smart enough to release some kind of auto-app updater, separate from OTA updates. Stuff like this takes an eternity. How hard is it to add an "s" to the http of the authentication? (for that matter, why the hell is Twitter letting you log in this way in the first place?)
Last edited by xfullmetal17; 6th February 2011 at 06:41 AM.

Thread Closed Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Top Threads in General by ThreadRank