HTC Android phone flaw fix not coming until next week for some
- 03 February, 2012 04:31
- Comments
Some users of HTC Android phones will have to wait until next week to get a fix for a problem that could leak credentials used to gain access to Wi-Fi networks, including corporate networks.
HTC is downplaying the severity of the problem and says most affected phones have already gotten the fix via updates and upgrades.
But it acknowledges users will have to manually load the software update and says those users should check back to its help page next week.
TIPS: Tricks for upgrading your Android phone
The flaw lies within the particular Android build used in certain models of HTC phones. It exposes Wi-Fi login credentials used as part of 802.1X network access control used on wireless networks.
A rogue application with rights to see that information and also with rights to access the Internet could steal the credentials and send them to attackers who might then use them to infiltrate a corporate network.
Google says no such rogue application has been found, according to a description of the flaw at the My War With Entropy blog by Bret Jordan. "Google has also done a code scan of every application currently in the Android Market and there are no applications currently exploiting this vulnerability," Jordan says.
For its part, HTC posted a paragraph on its help page about the flaw. "HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone," the posting says.
According to US-CERT, affected phones are:
• Desire HD (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40
• Glacier - Version FRG83
• Droid Incredible - Version FRF91
• Thunderbolt 4G - Version FRG83D
• Sensation Z710e - Version GRI40
• Sensation 4G - Version GRI40
• Desire S - Version GRI40
• EVO 3D - Version GRI40
• EVO 4G - Version GRI40
Read more about anti-malware in Network World's Anti-malware section.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
- 8 useful Google Android resources
- HTC Android phones can leak Wi-Fi passwords
- HTC Help Center
- Tips and tricks for upgrading your Android phone
- Wireless Research Center - Network World
- US-CERT Vulnerability Note VU#763355 - 802.1X password exploit on many HTC Android devices
- Anti-malware Research Center - Network World
- Get the Whole Picture Why Most Organizations Miss User Response Monitoring—and What to Do About It
- Seven Steps to Effective Data Governance
- Guidance for Calculation of Efficiency (PUE) in Data Centers
- Information Security Policies, Standards and Procedure
- Best practices for implementing 2048-bit SSL
-
Australia's first 4G smartphone is the HTC Velocity 4G
-
Swedish e-commerce startup's execs linked to NYC sex crime
-
Face Time - Interview with John Brennan and Robert DiStefano
-
How to implement next-generation storage infrastructure for Big Data
-
Pfizer's Future Depends on IT Transformation
-
2-Layer BPM: Oracle's Unique Strategy Towards Exceptional Agility and Business Process Efficiencies
Today, a new approach to BPM — the use of BPM and SOA together in a layering strategy — offers built-in smartness and high configurability. This dynamic approach to business process management is based on context and content. It offers agility throughout an organization, and it can dramatically increase productivity and time-to-market. -
CSO Security Buyers Guide 2011
Welcome to the 2011 /2012 CSO Security Buyers Guide CSO is keeping security professionals ahead of the evolving threats and challenges to their businesses. This resource for security professionals assists you in finding leading IT security vendors by their products and solutions. Happy Browsing! The 2011 CSO Buyers Guide team -
HP Imaging and Printing Services
According to Gartner, a major focus for organisations today and in the foreseeable future is shifting from cost reduction to growth, expansion, innovation, and operational excellence. If your organization is serious about driving growth and innovation and improving customer experiences, you’ll find that a well-managed imaging and printing environment is key to these goals. A growing number of organizations are turning to services as a means of integrating imaging and printing into their overall IT infrastructure strategies. It may be one of the fastest ways to continue to drive down costs, fund innovation, and prepare your organisation to capitalise on future opportunities. Read more.

















Comments
Post new comment