The Inquirer-Home

HTC sends out a fix for WiFi security problem

Knew about it since September
Thu Feb 02 2012, 16:28

TAIWANESE PHONE MAKER HTC has sent out an update to fix a vulnerability that exposed WiFi credentials on its smartphones.

Security researchers at Open1X outlined the flaw, which they describe as critical. They revealed that HTC and Google were informed of the problem last September.

Chris Hessing and Bret Jordan, security architects at Open1X said, "There is an issue in certain HTC builds of Android that can expose the user's 802.1X WiFi credentials to any program with basic WiFi permissions."

They added, "When this is paired with the Internet access permissions, which most applications have, an application could easily send all stored WiFi network credentials (user names, passwords, and SSID information) to a remote server."

HTC said, "HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone."

Affected devices include the Desire HD, Glacier, Droid Incredible, Thunderbolt 4G, Sensation, Sensation 4G, Desire S, Evo 3D and Evo 4D.

Despite the big time lapse between the discovery of the issue and HTC releasing a fix Hessing and Jordan commended the two firms' handling of the problem, saying, "Google and HTC have been very responsive and good to work with on this issue. Google has made changes to the Android code to help better protect the credential store and HTC has released updates for all currently supported phones and side-loads for all non-supported phones." µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?