HTC has acknowledged what it calls a "small" issue on certain Android-powered devices, which may expose the passwords to Wi-Fi networks you have connected to. Security researchers Chris Hessing and Bret Jordan first discovered the flaw, which allows third-party applications to see your Wi-Fi credentials in full.
Applications with access to the "android.permission.ACCESS_WIFI_STATE" permission, according to The Next Web, are able to use a certain command (.toString()) in the "WifiConfiguration" class to access all of the information for a wireless network you are connected to — including the password required for access.
If combined with the android.permission.INTERNET permission, attackers could then harvest the details and send them to a remote server on the Internet.
The flaw affects a large number of HTC devices, including:
- Desire HD (both "ace" and "spade" board revisions) – Versions FRG83D, GRI40
- Glacier – Version FRG83
- Droid Incredible – Version FRF91
- Thunderbolt 4G – Version FRG83D
- Sensation Z710e – Version GRI40
- Sensation 4G – Version GRI40
- Desire S – Version GRI40
- EVO 3D – Version GRI40
- EVO 4G – Version GRI40
It appears that HTC's MyTouch 3G and Nexus One devices are not affected.
If you device is vulnerable, you'll be pleased to know that the Taiwanese company has already developed a fix, which it announced in a small bulletin on its support site on January 31. Many of you won't need to do anything to update your device — it will have already been done — but others will have to update manually when the download is available… next week:
HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone.
Even without this fix, however, your device should be safe as long as you do not download apps from the Android Market that are specifically designed to harvest these details. So, simply put, don't download anything that you do not trust for the time being.
It's a shame HTC's devices have been subjected to another security flaw, but it's great to see it has already provided a fix.
Is your HTC handset affected by this issue?
[via The Next Web]
We may earn a commission for purchases using our links. Learn more.
The Galaxy S20 Ultra's Space Zoom camera is amazing and a bit creepy
The Galaxy S20 Ultra supports up to 100X zoom, which Samsung calls Space Zoom, but is it any good? Can a phone really product usable photos at 100x zoom? We've got our Galaxy S20 Ultra already so join us to find out!
Win an iPhone, iPad and Apple Watch with the Reader's Choice giveaway!
What's the best phone of 2019? Is it the iPhone 11 Pro, Pixel 4 or OnePlus 7T? What about the best laptop, games console, tablet and more? Vote NOW in the Reader's Choice awards and win BIG in time for the holidays!
Here are the best products from IFA 2019!
Here are the products announced at IFA 2019 that were worthy of our Best of IFA 2019 awards. Also featuring MrMobile's single best product at the show!
Here are the best screen protectors for the Google Pixel 3a
Before you take the Pixel 3a on your next photoshoot, make sure to install a screen protector on the device to keep the display pristine for months to come.