2nd Strike: HTC’s Android Phones Leaking WiFi Passwords

X

HTC’s latest Android smartphones are susceptible to attacks that reveal Wi-Fi credentials and passwords to attackers. This is the second security flaw found in HTC’s custom Android ROM in recent months.

20120202124410f226b 250x345 2nd Strike: HTCs Android Phones Leaking WiFi Passwords
HTC’s Evo 3D

The software vulnerability exposes wireless 802.1X passwords and other network credentials. The information procured isn’t limited to an active Wi-Fi connection, but also networks that were previously connected and trusted with the phone. According to Bret Jordan’s blog on My War with Entropy, the information is then sent to attackers.

Attackers can gain information of wireless networks by implementing rogue apps which commonly seek Wi-Fi permissions.

“When this is paired with the Internet access permissions, which most applications have, an application could easily send all stored Wi-Fi network credentials (user names, passwords, and SSID information) to a remote server,” Jordan writes on his blog.

 

The security flaw affects a variety of HTC builds and was identified by Chris Hessing. The vulnerable phones are: 

Desire HD  (both “ace” and “spade” board revisions) – Versions FRG83D, GRI40
Glacier – Version FRG83
Droid Incredible – Version FRF91
Thunderbolt 4G – Version FRG83D
Sensation Z710e – Version GRI40
Sensation 4G – Version GRI40
Desire S – Version GRI40
EVO 3D – Version GRI40
EVO 4G – Version GRI40 

In response to the limp security, Google has made changes to the Android code to better conceal such credentials, while HTC has developed several software updates which are available here.

This is the second security issue identified with HTC’s custom Sense ROM within months.

Identified within October of 2011, HTC’s custom ROM would keep logs of email addresses, SMS data, location, phone numbers and system logs, which could then be shared with any application that simply requests access. Like the current glitch, the data could then be sent to via the internet to an attacker.

Read: Security Breach: HTC Phones Leak Personal Info

 

728x90 2nd Strike: HTCs Android Phones Leaking WiFi Passwords
Leaderboard 728x90 2nd Strike: HTCs Android Phones Leaking WiFi Passwords
DCS 6100LH 728x90 smarthouse 2nd Strike: HTCs Android Phones Leaking WiFi Passwords
728x90 2nd Strike: HTCs Android Phones Leaking WiFi Passwords
Sony 290ES 728x90 1 2nd Strike: HTCs Android Phones Leaking WiFi Passwords
ALOGIC 728x90 1 2nd Strike: HTCs Android Phones Leaking WiFi Passwords
media 728x90 2nd Strike: HTCs Android Phones Leaking WiFi Passwords
728x90 2nd Strike: HTCs Android Phones Leaking WiFi Passwords
Mode II 728x90px product 2nd Strike: HTCs Android Phones Leaking WiFi Passwords
728x90 TCL Mini LED FUll Array 2nd Strike: HTCs Android Phones Leaking WiFi Passwords


YOU MAY ALSO LIKE