ARN

HTC Android phone flaw fix not coming until next week for some

Some users of HTC Android phones will have to wait until next week to get a fix for a problem that could leak credentials used to gain access to Wi-Fi networks, including corporate networks.

HTC is downplaying the severity of the problem and says most affected phones have already gotten the fix via updates and upgrades.

But it acknowledges users will have to manually load the software update and says those users should check back to its help page next week.

TIPS: Tricks for upgrading your Android phone 

The flaw lies within the particular Android build used in certain models of HTC phones. It exposes Wi-Fi login credentials used as part of 802.1X network access control used on wireless networks.

A rogue application with rights to see that information and also with rights to access the Internet could steal the credentials and send them to attackers who might then use them to infiltrate a corporate network.

Google says no such rogue application has been found, according to a description of the flaw at the My War With Entropy blog by Bret Jordan. "Google has also done a code scan of every application currently in the Android Market and there are no applications currently exploiting this vulnerability," Jordan says.

For its part, HTC posted a paragraph on its help page about the flaw. "HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone," the posting says.

According to US-CERT, affected phones are:

• Desire HD (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40

• Glacier - Version FRG83

• Droid Incredible - Version FRF91

• Thunderbolt 4G - Version FRG83D

• Sensation Z710e - Version GRI40

• Sensation 4G - Version GRI40

• Desire S - Version GRI40

• EVO 3D - Version GRI40

• EVO 4G - Version GRI40

Read more about anti-malware in Network World's Anti-malware section.

Nominations for the 2012 ARN IT Industry Awards open on Tuesday, June 12.

More about: CERT, G8, Google, HTC, IPS
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: 802.1X, Android, Android flaw, Android security, consumer electronics, Google, htc, HTC flaw, networking, rogue applications, security, smartphones, wi-fi, wireless, WLANs / Wi-Fi
ARN Directory | Distributors relevant to this article
Aquion , Avnet Technology Solutions , Brightpoint Australia , ICT Distribution
rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/aca-pacific/436_receive-15-off-sap-crystal-server-and-designer
ACA Pacific

Receive 18% off SAP Crystal Server and Designer Licenses. Offer Ends June 28th, 2012.

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.