HTC Android phone flaw fix not coming until next week for some
- 03 February, 2012 04:31
- Comments
Some users of HTC Android phones will have to wait until next week to get a fix for a problem that could leak credentials used to gain access to Wi-Fi networks, including corporate networks.
HTC is downplaying the severity of the problem and says most affected phones have already gotten the fix via updates and upgrades.
But it acknowledges users will have to manually load the software update and says those users should check back to its help page next week.
TIPS: Tricks for upgrading your Android phone
The flaw lies within the particular Android build used in certain models of HTC phones. It exposes Wi-Fi login credentials used as part of 802.1X network access control used on wireless networks.
A rogue application with rights to see that information and also with rights to access the Internet could steal the credentials and send them to attackers who might then use them to infiltrate a corporate network.
Google says no such rogue application has been found, according to a description of the flaw at the My War With Entropy blog by Bret Jordan. "Google has also done a code scan of every application currently in the Android Market and there are no applications currently exploiting this vulnerability," Jordan says.
For its part, HTC posted a paragraph on its help page about the flaw. "HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone," the posting says.
According to US-CERT, affected phones are:
• Desire HD (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40
• Glacier - Version FRG83
• Droid Incredible - Version FRF91
• Thunderbolt 4G - Version FRG83D
• Sensation Z710e - Version GRI40
• Sensation 4G - Version GRI40
• Desire S - Version GRI40
• EVO 3D - Version GRI40
• EVO 4G - Version GRI40
Read more about anti-malware in Network World's Anti-malware section.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
- 8 useful Google Android resources
- HTC Android phones can leak Wi-Fi passwords
- HTC Help Center
- Tips and tricks for upgrading your Android phone
- Wireless Research Center - Network World
- US-CERT Vulnerability Note VU#763355 - 802.1X password exploit on many HTC Android devices
- Anti-malware Research Center - Network World
-
Australia's first 4G smartphone is the HTC Velocity 4G
-
Swedish e-commerce startup's execs linked to NYC sex crime
-
Face Time - Interview with John Brennan and Robert DiStefano
-
How to implement next-generation storage infrastructure for Big Data
-
Pfizer's Future Depends on IT Transformation
-
Unified Monitoring™ A Business Perspective
The enterprise computing landscape has changed dramatically. Virtualisation, outsourcing, SaaS, and cloud computing are creating fundamental changes, and ushering in an era in which enterprises distribute increasingly critical IT assets and applications across multiple service providers.This paper explores today’s computing trends and their monitoring implications in detail. In addition, it reveals how a new monitoring paradigm architecture, that uniquely addresses the monitoring realities of today’s and tomorrow’s enterprises—whether they rely on internal platforms, external service providers, or a combination of both. -
Six tips for choosing a unified threat management (UTM) solution
As network security grows more complex, businesses are demanding the simplicity of unified threat management (UTM). Businesses like yours are replacing multiple, outdated and costly appliances from different vendors with a single, reliable UTM solution. The best solutions offer a more powerful way to manage network security today and in the future. UTM also promises to slash your network security management efforts and hardware costs. This whitepaper offers you detailed advice on how to choose the comprehensive unified threat management (UTM) that best suits your business. -
Selecting an Application Lifecycle Management Vendor: An Ovum Report
Leading industry analyst firms across the world include IBM Rational in their research efforts and provide opinions on our ALM solutions. Find out how Ovum confirmed IBM Rational as the clear leader on both axes of the assessment; Market Impact and Technology, along with a clear leadership in market presence.
-
Sharepoint 2007 and Office Development
-
Web Design Before & After Makeovers
-
50 Fast Windows XP Techniques
-
Professional Vmware Server
-
Iphone for Dummies, Target One Spot Edition
-
Building Iphone Applications with Titanium - the Official Guide to Appcelerator Titanium Mobile Platform
-
PHP & MySQL Web Development All-In-One Desk Reference for Dummies
-
Computers Simplified, 7th Edition
-
Applying Software Metrics








Comments
Post new comment