HTC Admits Security Exploit Affects Specific Handsets, Says Fix is Already Out for Most Affected Devices

It seems that HTC is always in the news for one security scare or another. Well you can add this to the pile as HTC has acknowledged that a bug/exploit can expose security credentials on wifi networks when their devices handle specific Android requests.

It was found that applications on affected HTC devices with the android.permission.ACCESS_WIFI_STATE permission would be able to exploit the .toString() command via the WifiConfiguration class to view all of a wifi network’s credentials. Combine this with the android.permission.INTERNET permission and hackers could have a field day in harvesting these details and sending them off to a remote server. These exploits happened to be found by researchers Chris Hessing and Bret Jordan. 

The following devices have been affected by this flaw:

Both the MyTouch 3G and the Nexus One aren’t affected however and for those affected HTC had this to say on their support site:

“HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades.However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone.”

Now before you get all riled up know that most HTC handsets have received an update that automatically patches the issue, but a few of them will require a manual update to fix. According to HTC, you should check out the site next week for more details pertaining to performing this update.

While the exploit would require the user to install apps that are specifically designed to harvest these details the impact is probably minimal given that most phishing and malware related apps are snaked out well before becoming popular. That is not to say that a security risk doesn’t exist however.

If you are the weary owner of one of these affected devices chances are you’ve received the exploit fix in an OTA within the past few months. If you’re not sure you can scroll down just a bit further to check where your device sits on the HTC support site. Here’s hoping that we won’t see HTC in the news anymore regarding issues with device security!

source: HTC Support
via: TNW

» See more articles by Jack Holt

Categorized as Android Development, Android Hacks, Android Manufacturers, Android News, Android Phones, Android Security, Android Software

View the original article here

Read more »

Samsung – The Next Big Thin is Already Here Part 4: “We Just Got Samsunged”

Ready for another good laugh courtesy of Samsung? Good because Samsung just released their latest Galaxy S II commercial, and boy it’s a hoot!

This is the fourth installment in their line of “The next big thing” commercials and they just keep getting better. Not that you had to ask, but it takes place in line at an Apple store and makes a playful jab at iPhone fans. The commercial promotes the Galaxy S II and its built in turn-by-turn navigation features. Not too much to brag about but the video is great nonetheless. Check it out and let us know what you think. If you missed the first three or simply want to revisit them in an effort to make a series out of the experience, check out part 1, 2, and 3. Hurry, before you get Samsunged!!

[via Google+]

» See more articles by Stacy Bruce

Categorized as Android Manufacturers, Android Phones

View the original article here

Read more »