HTC Security Flaws Let Hackers Listen To Phone Calls, Read Text Messages

A woman walks past a HTC store in Taipei on February 4, 2013.  Taiwan's top smartphone maker HTC said on February 4 its net p
A woman walks past a HTC store in Taipei on February 4, 2013. Taiwan's top smartphone maker HTC said on February 4 its net profit in the three months to December plunged 91 percent from a year ago to Tw$1.0 billion (33.78 million USD). AFP PHOTO / Mandy CHENG (Photo credit should read Mandy Cheng/AFP/Getty Images)

HTC, the Taiwanese cell phone maker, allowed hackers to read consumers' text messages, track their locations and listen to their phone calls by failing to secure millions of smartphones and tablets, federal regulators said Friday.

The Federal Trade Commission said it had reached a settlement with HTC over charges that the company "failed to employ reasonable and appropriate security practices" for software installed on about 18 million mobile devices.

HTC did not test its pre-installed software for potential security flaws and allowed third-party apps that could contain malicious software to be downloaded onto devices without users' consent, the commission said.

For example, HTC pre-installed a custom voice recorder app on its phone without users' permission. If hackers downloaded malware on to a phone, they could use the voice recorder to tap users' phone conversations, the commission said.

As a result, HTC gave hackers the ability to "physically track or stalk individuals" and "capture private details of an individual’s life," the commission said in a complaint.

The security flaws also left consumers vulnerable to what is called "toll fraud" -- when hackers send premium text messages from phones then collect the profits while victims receive massive phone bills.

Two years ago, HTC briefly stood at the top of the U.S. smartphone market, but has since fallen behind Apple and Samsung and commands less than 10 percent of the market.

The settlement requires HTC and its wireless partners to fix security flaws on consumers’ devices, create a program to address future risks and undergo independent security assessments every other year for the next 20 years.

A spokeswoman for HTC said the company had addressed the security flaws on the majority of devices and was working to release more software updates to fix remaining vulnerabilities.

"Privacy and security are important, and we are committed to improving practices that help safeguard our customers' devices and data," HTC spokeswoman Sally Julien said in a statement.