Some HTC smartphone users may find their Wi-Fi passwords and other information exposed due to a new bug, but the company is rolling out a fix.
The vulnerability leaks Wi-Fi credentials and SSID (network name) details to any application with basic Wi-Fi permissions on several HTC handsets, according to an alert issued yesterday by the U.S.
Computer Emergency Readiness workforce (US-CERT). in consequence, an attacker the usage of the correct application can doubtlessly capture and harness the guidelines to hack into the person’s community.
The affected phones include:
* Desire HD (both Ace and Spade board revisions) – Versions FRG83D, GRI40
* Glacier – Version FRG83
* Droid Incredible – Version FRF91
* Thunderbolt 4G – Version FRG83D
* Sensation Z710e – Version GRI40
* Sensation 4G – Version GRI40
* Desire S – Version GRI40
* EVO 3D – Version GRI40
* EVO 4G – Version GRI40
HTC has already applied a fix to most of the affected phones as part of a regular update. But certain phones will need the patch manually installed, according to a notice on the company’s Help page: HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone.
The vulnerability was discovered by Chris Hessing, a senior engineer for CloudPath Networks, according to a blog by Bret Jordan, a security architect with Open1X Group.
In his blog, Jordan found out the time frame of the computer virus’s discovery ultimate September and its public disclosure this week, providing insight into how long it can take for such a weak point to come back to mild.
Still, Jordan praised both Google and HTC for their responsiveness and ability to work on the problem.
Google has made adjustments to the Android code to assist better offer protection to the credential store and HTC has launched updates for all recently supported phone and facet-a lot for all non-supported telephone, referred to Jordan.
Google has also scanned every application in the Android Market for this vulnerability and discovered no apps exploiting it at this point, Jordan added.