HTC Peep Leaking Twitter Passwords; Fix Available By Request

Advertisement

You may remember that late last summer, HTC’s Peep Twitter client ran into some problems connecting to the service after Twitter upgraded its login method to support OAuth. While the company got a fix ready within a few days, apparently it left behind a security hole or two, potentially exposing your account information. Now HTC has a fix available, though you’ll have to do a little work to get it.

The introduction of OAuth was supposed to make connecting to Twitter more secure, in a delicious bit of irony. The way HTC Peep has been sending its login info, anyone monitoring your internet connection could snatch your Twitter password out of the air. While a cellular data hookup is secure enough, unless you’re going up against some NSA-type adversaries, WiFi is a trickier business. Connect to the wrong open access point, and some 14-year-old script kiddie could retrieve your Twitter password with ease. All he’d need to do is log Peep’s transmissions, as HTC sends the valuable data as unencrypted, plain text.

While HTC has a secure version of Peep, it’s not yet available for download. The researcher who discovered the vulnerability and notified HTC has been in touch with the company, and was told that HTC will provide its customers with the fix if they ask for it. The company may be doing a little more bug-testing to make sure the patch is solid before putting it into wide release. For the time being, if you contact HTC directly, apparently it will send out the patch on a case-by-case basis.

Source: Taddong

Via: XDA-Developers

Share This Post
Advertisement
What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bitsRead more about Stephen Schenck!