We recently saw the arrival of software updates for many HTC models, fixing a privacy-related security flaw. No sooner are users installing that patch than a new vulnerability has been revealed, showing flaws in the security of WiMAX 4G radios.
The crux of the issue is that on HTC WiMAX phones, a process keeps a couple ports open for WiMAX diagnostics. Problem is, there’s no authentication done on those, so any app that you grant internet permissions to could conceivably connect over those ports and start modifying WiMAX settings. Not only can it read information about your account, but it could change values to render your phone’s radio near-unusable until the damage is repaired. Poor input checking means that sending a bad command, even one that’s just a single character, can full-on crash your phone.
HTC’s been made aware of the issue, and is reportedly working on preparing a new set of updates. If you’re impatient, there’s a relatively simple fix you can do yourself, blocking access to unauthorized connections to the WiMAX process. It’s available through the source link below.