Friday, 3 February 2012

HTC releases fix for Wi-Fi security issues

Arelatively unknown bug had surfaced, last September, which was discovered by security researchers Chris Hessing and Bret Jordan. This bug had affected Android handsets from HTC and the severity of this bug was quite high, as it could allow malicious apps to leak Wi-Fi security information, a report by TNW states. The report reads, “Any Android application on an affected HTC handset with the android permission, ACCESS_WIFI_STATE permission would be able to call upon the .toString() command in the WifiConfiguration class to view all credentials of a Wi-Fi network. If combined with the Android permission, INTERNET permission, attackers could then harvest the details and send them to a remote server on the Internet.” This also includes access to one’s Wi-Fi passwords.
Update automatically fixes Wi-Fi bug
Update automatically fixes Wi-Fi bug

HTC has released a statement on their official support site stating, “HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone.” 

HTC claims that only a small number of devices have been affected and those that were affected would have the fix automatically pushed to their handsets. They claim that most handsets have already been fixed, but a small number of smartphones that haven’t been fixed will have to visit the support site in a week’s time and manually download the update to fix this issue with their handset. 

In a related report by Androidcentral, the smartphones affected by this malicious bug include:

  • HTC Desire HD (Froyo, Gingerbread)
  • T-Mobile myTouch 4G (Froyo)
  • HTC Desire S (Gingerbread)
  • HTC Sensation (Gingerbread)
  • HTC EVO 3D (Gingerbread)
  • HTC Droid Incredible (Froyo)
  • HTC Thunderbolt 4G (Froyo)

The report goes on to add that the security researchers discovered this bug in September, but everything had been kept under wraps. They then worked with Google and HTC over the preceding months to discover what caused this bug and issue a fix for it, thereafter

No comments:

Post a Comment