News by Dan Seifert on Thursday February 02, 2012.
|Sponsored links, if any, appear in green.|
HTC has come forward to admit that a number of its Android smartphones have a security flaw that leaves secure Wi-Fi login information accessible to nefarious apps.
The flaw allows any Android app that has permissions to check if the phone is connected to a Wi-Fi network or not (a typically innocuous, run-of-the-mill request) to access stored data of previously visited Wi-Fi networks, including their passwords. App makers that are aware of the bug could then program their apps to transmit the information back to a remote server.
HTC says the phones affected by the issue are the Desire HD, the Glacier, the DROID Incredible, the ThunderBolt, the Sensation, the Sensation 4G, the Desire S, the EVO 3D, and the EVO 4G. The company says that many devices have already been patched with automatic software updates, but that some will require owners to sideload a fix to take care of the problem.
The company released a statement on the matter with directions for users:
"HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone."
Apparently, security researchers found the flaw back in September 2011, but decided to keep it under wraps and work with Google and HTC to develop a fix before taking it public. [via The Next Web]
Dan is MobileBurn.com's Editor-in-Chief. Based in Poughkeepsie in New York, Dan can be found on Twitter as @DCSeifert.