Update: HTC Responds to Wi-Fi Password Leak by Offering Patches
As an update for our earlier report that HTC has started fixing Wi-Fi security issues on several devices, we have learned that these fixes are already available to the affected phones as a part of a regular update on the device. The affected phones include:
- Desire HD (both “Ace” and “Spade” board revisions) – Versions FRG83D, GRI40
- Glacier – Version FRG83
- Droid Incredible – Version FRF91
- Thunderbolt 4G – Version FRG83D
- Sensation Z710e – Version GRI40
- Sensation 4G – Version GRI40
- Desire S – Version GRI40
- EVO 3D – Version GRI40
- EVO 4G – Version GRI40
If you are the owner of any of the phones mentioned above, you should have the fix available to you. However, there are certain phones which will need a manually installation of the patch.
“HTC has developed a fix for a small Wi-Fi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone,” a notice posted on the company’s website read.
The Wi-Fi security issue was discovered by CloudPath Networks’ Senior Engineer named Chris Hessing. The vulnerability leaks that affected SSID ( network name) and Wi-Fi credentials were then issued as an alert by the U.S. Computer Emergency Readiness Team (US-CERT). Because of this vulnerability, attackers are able to capture and harness information to hack the network of a user through the right application.
Even though the bug was discovered last September, Bret Jordan, Open1X Group’s security architect; still praised Google and HTC for their fast responsiveness and for working on the issue.
“Google has made changes to the Android code to help better protect the credential store and HTC has released updates for all currently supported phone and side-loads for all non-supported phone,” Jordan said. “Google has also scanned every application in the Android Market for this vulnerability and discovered no apps exploiting it at this point.”