HTC Vows to Fix Android Flaw Revealing Wi-Fi Credentials - larosasupponed1981

HTC is flowing quickly to squash a security flaw that could divulge WI-Fi credentials on the company's Humanoid phones.

Using an app that takes advantage of this blemish, an aggressor could harvest SSID names and passwords for entirely wireless networks that the phone has accessed. For intermediate consumers, this isn't a huge concern, but as researchers Chris Hessing and Bret Jordan note, the exploit "exposes enterprise-privileged credentials in a manner that allows targeted exploitation."

The affected phones are the Desire HD (both "ace" and "spade" board revisions) Versions FRG83D and GRI40; Glacier Version FRG83; Droid Incredible Version FRF91; Thunderbolt 4G Adaptation FRG83D; Sensation Z710e Version GRI40; Sensation 4G – Adaptation GRI40; Desire S – Version GRI40; EVO 3D Translation GRI40; and EVO 4G Adaptation GRI40. HTC's MyTouch 3G and Google Link One are non affected.

HTC has acknowledged the effect, and says near phones have already received a fix through day-after-day updates. Other phones, however, volition require users to manually load the fix. The keep company says it will stimulate Sir Thomas More information on the matter next week.

Hessing and Hashemite Kingdom of Jordan observed the flaw in Sept, and worked with HTC and Google for months before revealing it in public. "Google and HTC birth been same responsive and good to work with on this issue," the researchers wrote, noting that Google made code changes to better protect Wi-Fi credentials and scanned the Android Market for apps that might cost attractive vantage of the security fault. (It recovered none.)

Although a few separate Humanoid vulnerabilities have surfaced in the early, security flaws haven't become a major supply for the weapons platform, as they tend to get fixed before they become a danger to average consumers. The big concerns for Android users are mobile malware and invasive adware, which superficial now and again because of the open nature of the Humanoid Market. Luckily, a snatch of gumption bequeath keep most users safe from mobile security threats.

Follow Jared on Twitter, Facebook or Google+ for eve more technical school news and comment.