In order to address a security vulnerability on its Android phones, HTC has updated its devices. This specific vulnerability had allowed malicious applications to obtain Wi-Fi security information. Through a post on the official site, HTC said that several of the affected handsets have already received over-the-air updates.
However, there are some units which may require a manual update of the OS.
Several affected devices retrieved a bug which allowed Android apps to obtain an innocuous sounding ‘ACCESS_WIFI_STATE’ permission. This then obtained all the Wi-Fi passwords for any network wherein the phone has previously connected to.
The vulnerability was originally discovered by two security researchers - Bret Jordan and Chris Hessing. They have also identified that the vulnerability has affected the following HTC phones:
- HTC Desire HD (Froyo, Gingerbread)
- HTC Desire S (Gingerbread)
- HTC Droid Incredible (Froyo)
- HTC EVO 3D (Gingerbread)
- HTC Sensation (Gingerbread)
- HTC Thunderbolt 4G (Froyo)
- T-Mobile myTouch 4G (Froyo)
According to TheNextWeb, Jordan and Hessing discovered the vulnerability as early as September 2011. However, they worked with involved parties, Google and HTC, before going public with the information. This was so that they could track down the possible cause and also develop a fix for the issue. This is why we are only hearing about the problem today.
For HTC users who do not have an affected device, it’s highly possible that the update has already been fixed over-the-air. For more information, users are advised to check back in a week’s time for availability of a manual patch on certain handsets.
If it’s any consolation, this latest security scare is one that you shouldn’t be worried about. By the time news broke out about the issue, your affected device may have already been updated.
