HTC software vulnerability settlement with FTC approved

HTC Security FTC Settles

The U.S. Federal Trade Commission on Tuesday approved a settlement with HTC for not adequately securing its mobile devices. It was discovered that the company’s software contained a number of security flaws that “placed sensitive information about millions of consumers at risk.” The settlement, which was proposed this past February, requires HTC to issue an update to fix vulnerabilities in a number of devices that were found to affect millions of users. The FTC is also requiring the company to “establish a comprehensive security program designed to address security risks during the development of HTC devices and to undergo independent security assessments every other year for the next 20 years.” In addition, any statements made by HTC regarding the security of its devices that are found to be false or misleading could be punishable with fines of up to $16,000 per occurrence. The FTC’s press release follows below.

FTC Approves Final Order Settling Charges Against HTC America Inc.
Following a public comment period, the Federal Trade Commission has approved a final order settling charges that HTC America Inc. failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.

The settlement with HTC America, announced by the FTC in February 2013, requires the company to develop and release software patches to fix vulnerabilities in millions of the company’s devices. The company is also required to establish a comprehensive security program designed to address security risks during the development of HTC devices and to undergo independent security assessments every other year for the next 20 years.

In addition, the settlement prohibits HTC America from making any false or misleading statements about the security and privacy of consumers’ data on HTC devices. Violations of the consent order may be subject to civil penalties of up to $16,000 per violation.

The Commission vote approving the final order and letters to members of the public who commented on it was 3-0-1, with Commissioner Ohlhausen recused.

Via:
Engadget
blog comments powered by Disqus