HTC Confirms WiFi Security Bug; Some Updates Already Available

Besides “don’t download apps from sketchy sources”, one of the big rules of keeping your Android device safe is “think carefully about approving app requests for system permissions”. That latter one can be tricky to encourage, since it requires the user to do a bit of critical thinking at the time of installation; does that Sudoku-solving app you downloaded really need the ability to send SMS messages? The idea is, though, that if you are smart about granting permissions, you can stop malicious apps from taking advantage of you. Sometimes it’s not that simple, and the request of a seemingly innocuous permission can give an app more access to your phone than you’d like. That’s the case here, with news arriving today of an exploit present on certain HTC devices.

The problem on phones affected by this issue is that apps granted the ACCESS_WIFI_STATE permission can do more than simply check on the status of your WiFi connection; these models return such requests with full WiFi password details. An app with both this and internet permissions could, in theory, go about surreptitiously harvesting your stored WiFi network passwords.

Models reported to be affected include the Desire HD, myTouch 4G, Desire S, Sensation, EVO 3D, Droid Incredible, and the Thunderbolt 4G. The good news is that HTC was made aware of this problem a while back, and has been hard at work preparing updates to correct things. Most of these have already been distributed during previous maintenance releases; for the rest, HTC will have manual updates ready in the next week or so. It hasn’t said just which of those phones have already been patched, so we’ll have to wait until next week to learn who still needs to install the fix.

Source: HTC

Via: Android Central

Share This Post

Watch the Latest Pocketnow Videos

About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits Read more about Stephen Schenck!