Wednesday, February 8, 2012

HTC Patched Wi-Fi Vulnerability In Its Android Phones



Wi-Fi vulnerability in Android Phones of HTC has been pacthed. The company has provided a firmware update to fix a "small" security hole which allowed Wi-Fi credentials to be easily stolen. Both HTC and Google were informed of the problem last September.


Chris Hessing and Bret Jordan, security architects at Open1X Said: "There is an issue in certain HTC builds of Android that can expose the user's 802.1X Wi-Fi credentials to any program with basic Wi-Fi permissions, When this is paired with the internet access permissions, which most applications have, an application could easily send all stored Wi-Fi network credentials (user names, passwords, and SSID information) to a remote server."

HTC said it had developed a fix for the issue. "Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded." Affected devices include the Desire HD, Glacier, Droid Incredible, Thunderbolt 4G, Sensation, Sensation 4G, Desire S, Evo 3D and Evo 4D. Despite the big time lapse between the discovery of the issue and HTC releasing a fix, Hessing and Jordan commended the two firms' handling of the problem.

"Google and HTC have been very responsive and good to work with on this issue. Google has made changes to the Android code to help better protect the credential store and HTC has released updates for all currently supported phones and side-loads for all non-supported phones," they said.

0 comments:

Post a Comment