4:51 PM
Unknown
It seems that HTC is always in the news for one security scare or another. Well you can add this to the pile as HTC has acknowledged that a bug/exploit can expose security credentials on wifi networks when their devices handle specific Android requests.
It was found that applications on affected HTC devices with the android.permission.ACCESS_WIFI_STATE permission would be able to exploit the .toString() command via the WifiConfiguration class to view all of a wifi network’s credentials. Combine this with the android.permission.INTERNET permission and hackers could have a field day in harvesting these details and sending them off to a remote server. These exploits happened to be found by researchers Chris Hessing and Bret Jordan.
The following devices have been affected by this flaw:
Both the MyTouch 3G and the Nexus One aren’t affected however and for those affected HTC had this to say on their support site:
“HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades.However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone.”
Now before you get all riled up know that most HTC handsets have received an update that automatically patches the issue, but a few of them will require a manual update to fix. According to HTC, you should check out the site next week for more details pertaining to performing this update.
While the exploit would require the user to install apps that are specifically designed to harvest these details the impact is probably minimal given that most phishing and malware related apps are snaked out well before becoming popular. That is not to say that a security risk doesn’t exist however.
If you are the weary owner of one of these affected devices chances are you’ve received the exploit fix in an OTA within the past few months. If you’re not sure you can scroll down just a bit further to check where your device sits on the HTC support site. Here’s hoping that we won’t see HTC in the news anymore regarding issues with device security!
source: HTC Support
via: TNW
» See more articles by Jack Holt
Categorized as Android Development, Android Hacks, Android Manufacturers, Android News, Android Phones, Android Security, Android Software
