HTC has acknowledged that some the company’s handsets contain a security hole involving the handling of certain data requests while connected to a Wi-Fi network. Security researchers Chris Hessing and Bret Jordan discovered the vulnerability, which could use the android.permission.ACCESS_WIFI_STATE permission to create a command to view all Wi-Fi credentials while connected to the network. The researchers discovered the flaw in September, however over the past few months they have worked with HTC and Google to patch things up before going public. The hole could have been used to transmit information to a remote server using the Internet access permission. Read on for more.
“HTC has developed a fix for a small WiFi issue affecting some HTC phones,” HTC posted on its support site. “Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone.”
Four Froyo devices are vulnerable to the exploit — the Glacier (myTouch 4G), DROID Incredible, Thunderbolt 4G and Desire HD — and four Gingerbread devices are vulnerable — the Desire HD, Desire S, Sensation and EVO 3D.