Some HTC smartphone users may find their Wi-Fi passwords and other information exposed due to a new bug, but the company is rolling out a fix.
The vulnerability leaks Wi-Fi credentials and SSID (network name) details to any application with basic Wi-Fi permissions on several HTC handsets, according to an alert issued yesterday by the U.S. Computer Emergency Readiness Team (US-CERT). As a result, an attacker using the right application can potentially capture and harness the information to hack into the user's network.
The affected phones include:
- Desire HD (both "Ace" and "Spade" board revisions) - Versions FRG83D, GRI40
- Glacier - Version FRG83
- Droid Incredible - Version FRF91
- Thunderbolt 4G - Version FRG83D
- Sensation Z710e - Version GRI40
- Sensation 4G - Version GRI40
- Desire S - Version GRI40
- EVO 3D - Version GRI40
- EVO 4G - Version GRI40
HTC has already applied a fix to most of the affected phones as part of a regular update. But certain phones will need the patch manually installed, according to a notice on the company's Help page: "HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone."
The vulnerability was discovered by Chris Hessing, a senior engineer for CloudPath Networks, according to a blog by Bret Jordan, a security architect with Open1X Group.
In his blog, Jordan revealed the time frame of the bug's discovery last September and its public disclosure this week, providing insight into how long it can take for such a weakness to come to light.
Still, Jordan praised both Google and HTC for their responsiveness and ability to work on the problem.
"Google has made changes to the Android code to help better protect the credential store and HTC has released updates for all currently supported phone and side-loads for all non-supported phone," noted Jordan.
Google has also scanned every application in the Android Market for this vulnerability and discovered no apps exploiting it at this point, Jordan added.