Some HTC Android phones found vulnerable to WiFi password leak

Feb 02, 2012 by Bob Yirka
HTC Desire HD

(PhysOrg.com) -- The United States Computer Emergency Readiness Team (US-CERT) has issued a warning to users of some HTC Android phones about a security vulnerability. The warning concerns 802.1X WiFi user information and SSID data that rogue applications can view by taking advantage of a weakness in the OEM Android build of certain HTC phones.

Affected phones allow 802.1X WiFi information to be seen by applications that have access rights to WiFi information stored on the phone. This means errant applications could find their way to a stored SSID (Service Set Identifier - an identifier attached to the header of packets sent to a wide area network), as well as login names and passwords. Also, should the phone connect to the Internet, the identified information could then be sent back to those who created the application and are looking for such information. And if the phone also connects to a corporate network, the vulnerability could lead to data being stolen.

According to US-CERT, the phones at risk are:

Desire HD (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40
Glacier - Version FRG83
Droid Incredible - Version FRF91
Thunderbolt 4G - Version FRG83D
Sensation Z710e - Version GRI40
4G - Version GRI40
Desire S - Version GRI40
EVO 3D - Version GRI40
EVO 4G - Version GRI40

HTC, a Taiwanese manufacturer of smartphones, has had other problems with their phones in just the past few months, and according to some unofficial sources, this particular vulnerability was discovered by Chris Hessing, a senior engineer with CloudPath Networks. Google and HTC were both apparently notified about the vulnerability last September after it was discovered. Since that time, both have been hard at work creating a fix, which is now available to worried owners at HTC’s support site.

Google has also reportedly performed a full scan of all of the applications available for download in the Market and found none that tried to take advantage of the vulnerability, indicating that it’s possible nobody but Hessing and workers at HTC and Google were even aware of the vulnerability, which means that despite the lapse, it’s likely no one was actually harmed by the problem.


User comments : 2


Shifty0x88
not rated yet Feb 02, 2012
Uh oh, I have one of those phones, but I am careful in downloading apps from the market.

I only download "trusted" apps, apps which have lots of downloads, are from good companies, and have a good reputation on the internet and from my friends.
satcat
not rated yet Feb 03, 2012
I also use an app (LBE Privacy Guard, free version) where you can restrict the rights for all the other applications.

However you need to root your phone, have Superuser app installed, and give LBE Privacy Guard full trust
