Follow Technobloom.com on Twitter
HTC HTC devices bugged and exposing Wi-Fi passwords, fix on the way

HTC devices bugged and exposing Wi-Fi passwords, fix on the way

06 February 2012 Last Updated on 06 February 2012 Steve Brashear 0 Comments
  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

A news report released today shows that some HTC devices might actually be exposing your Wi-Fi network password without you knowing about it, but the company said today that a fix is on the way.  The bug was noticed yesterday and allows some applications with basic Wi-Fi permissions to see the password and the name of your network, or SSID.  An alert from the US Computer Emergency Readiness Team was issued yesterday.  In the event that your HTC device was bugged an attacker could be using an application can potentially retrieve and store the information available to hack into the user’s home network.

If you are using one of the following devices you are urged to check for the update that will be available soon and make sure your Wi-Fi access is turned off while you wait for the update.  If your device has not already been updated, you can go to the HTC support site and double check for information regarding the manual download of the update.  A notice on the HTC help page says, “HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone.

The phones that are affected and need the update are:

  • Desire HD – both Ace and Spade
  • Glacier – FRG83
  • Droid Incredible – FRF91
  • Thunderbolt 4G FRG83D
  • Sensation Z710e – GRI40
  • Sensation 4G – GRI40
  • Desire S – GRI40
  • EVO 3D and 4G models – GRI40

Chris Hessing, a senior engineer at CloudPath Networks, noticed the bug according to what was posted on the blog of Bret Jordan who is an architect with Open1X Group.  Jordan said the bug was noticed all the way back in September of 2011.  The public was notified this week, so the bug went untreated for almost 4 months, but Jordan said the responsiveness by Google and HTC was good.  He said, “Google has made changes to the Android code to help better protect the credential store and HTC has released updates for all currently supported phone and side-loads for all non-supported phone.

Share and Enjoy
This entry was posted on Monday, February 6th, 2012 and is filed under HTC, Industry Headlines. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply


CAPTCHA Image
*

Login Form