HTC Working on fix for WiFi Vulnerability They Found and Shared Themselves

Discussion in 'Android News' started by dgstorm, Feb 2, 2012.

  1. dgstorm
    Offline

    dgstorm Editor in Chief Staff Member Premium Member

    Joined:
    Dec 30, 2010
    Messages:
    6,972
    Likes Received:
    1,257
    Trophy Points:
    113
    Location:
    Austin, TX
    [​IMG]

    The folks at HTC were very forthcoming recently. Apparently, one of their own engineers found a security vulnerability that has been inherent in most HTC Android devices for quite some time. The company is working on a fix, but also wanted to share it with the community. It shouldn't be surprising that they did, as it is their responsibility, but it is refreshing, nonetheless, that they are trying to deal with it publicly by giving full disclosure.

    The problem could allow applications with just an ACCESS_WIFI_STATE permission to read your Wi-Fi SSIDs, usernames, and, even passwords. The vulnerability was found on at least the following devices, but could be on more:
    They have actually been working hand in hand with Google to fix the issue for the last few months, and already have a fix for it. In fact, many of the devices already received the fix through an OTA update. The company wanted to make sure to comply with the ethics of full disclosure, so they shared the following info:
    It's interesting to note that this security vulnerability probably wouldn't have existed had HTC simply put a stock version of Android on their phones. I understand the desire of the various OEMs to differentiate their products from the competition by making them "seem" different with custom UI's; however, this is another case which clearly indicates it would better serve these companies and their consumers to stick to as close to a stock Android experience as possible.

    Source: AndroidPolice
  2. bazar6
    Offline

    bazar6 Premium Member Theme Developer Premium Member

    Joined:
    Dec 15, 2009
    Messages:
    675
    Likes Received:
    9
    Trophy Points:
    18
    Location:
    MD
    If they didn't report it, and a consumer/hacker figured it out, they would have a much worse PR problem. It's always best to come out and tell em somethings wrong and you're working on a fix, than try to keep it quiet and hope some random consumer doesn't light up the internet with how much of a security vulnerability it is and blow it out of proportion.

    Lucky for me, I hardly ever turn on WiFi on my tbolt, this issue doesn't bother me too much.
  3. Larry_ThaGr81
    Offline

    Larry_ThaGr81 New Member

    Joined:
    Apr 6, 2010
    Messages:
    1,030
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Hesperia
    Can somebody confirm that the Thunderbolt is still supported by HTC, because under their help link I didn't see it listed after checking the entire HTC lineup twice.
  4. srothkin
    Offline

    srothkin New Member

    Joined:
    Nov 19, 2009
    Messages:
    103
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Ossining, NY
    I suspect htc.com isn't supporting the U.S at all. I tried to sign up for news notifications on the site. The signup form requires selecting your region. U.S. is NOT listed.
Search tags for this page

fix wifi vulnerabilities

,
is wifi vulnerable to thunderbolt