HTC has acknowledged what it calls a "small" issue on certain Android-powered devices, which may expose the passwords to Wi-Fi networks you have connected to. Security researchers Chris Hessing and Bret Jordan first discovered the flaw, which allows third-party applications to see your Wi-Fi credentials in full.
Applications with access to the "android.permission.ACCESS_WIFI_STATE" permission, according to The Next Web, are able to use a certain command (.toString()) in the "WifiConfiguration" class to access all of the information for a wireless network you are connected to — including the password required for access.
If combined with the android.permission.INTERNET permission, attackers could then harvest the details and send them to a remote server on the Internet.
The flaw affects a large number of HTC devices, including:
- Desire HD (both "ace" and "spade" board revisions) – Versions FRG83D, GRI40
- Glacier – Version FRG83
- Droid Incredible – Version FRF91
- Thunderbolt 4G – Version FRG83D
- Sensation Z710e – Version GRI40
- Sensation 4G – Version GRI40
- Desire S – Version GRI40
- EVO 3D – Version GRI40
- EVO 4G – Version GRI40
It appears that HTC's MyTouch 3G and Nexus One devices are not affected.
If you device is vulnerable, you'll be pleased to know that the Taiwanese company has already developed a fix, which it announced in a small bulletin on its support site on January 31. Many of you won't need to do anything to update your device — it will have already been done — but others will have to update manually when the download is available… next week:
HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone.
Even without this fix, however, your device should be safe as long as you do not download apps from the Android Market that are specifically designed to harvest these details. So, simply put, don't download anything that you do not trust for the time being.
It's a shame HTC's devices have been subjected to another security flaw, but it's great to see it has already provided a fix.
Is your HTC handset affected by this issue?
[via The Next Web]
We may earn a commission for purchases using our links. Learn more.
Add magic to your living space with these string lights
String lights add personality and soft light to your living space. Here are some of the best.
Disguise your little one with the help of a themed costume
From roaring lions to hoppy bunnies, costumes speak to every child's unique spirit. And we've collected our favorite options.
The Galaxy S20 Ultra's Space Zoom camera is amazing and a bit creepy
The Galaxy S20 Ultra supports up to 100X zoom, which Samsung calls Space Zoom, but is it any good? Can a phone really product usable photos at 100x zoom? We've got our Galaxy S20 Ultra already so join us to find out!
Find the right wall charger for your new iPhone 12
The new iPhone will not come with a wall charger in the box. If you are looking to buy the phone you will need to buy a charger as well. We've got you covered.