HTC has acknowledged a flaw in the way that some of its handsets handle specific Android requests may expose the security credentials on Wi-Fi networks they are connected to.
Researchers Chris Hessing and Bret Jordan found that any Android application on an affected HTC handset with the android.permission.ACCESS_WIFI_STATE permission would be able to call upon the .toString() command in the WifiConfiguration class to view all credentials of a Wi-Fi network.
If combined with the android.permission.INTERNET permission, attackers could then harvest the details and send them to a remote server on the Internet.
The flaw affects the following devices: Desire HD (both “ace” and “spade” board revisions) – Versions FRG83D, GRI40, Glacier – Version FRG83, Droid Incredible – Version FRF91, Thunderbolt 4G – Version FRG83D, Sensation Z710e – Version GRI40, Sensation 4G – Version GRI40, Desire S – Version GRI40, EVO 3D – Version GRI40, EVO 4G – Version GRI40.
I has been found not to affect the MyTouch 3G and the Nexus One.
HTC posted a bulletin to its support site, warning users of the bug on January 31:
HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades.However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone.
The good news is that most HTC handsets will automatically patch the issue, but some will require the user to manually load a fix. HTC says that users should check its site next week for more details on how to perform the update.
Hessing and Jordan found the issue on September 7 2011 but worked with HTC and Google over the next couple of months to establish the cause and help them issue a fix, before they publicly disclosed their work.
The issue would require the user to install an application that had been specifically designed to harvest details or was uploaded to the Android Market with the specific aim of collecting information. The impact may have been small in the fact that such an app will not see the reach as a more popular app but the security risk does exist.
If you own one of the affected handsets, you may have already received the fix. If you do not, keep checking the HTC Support site for more information.