HTC Android phones can leak Wi-Fi passwords

Custom Search

Hack in The Box
Experts Galaxy
UK Cheapest Hosting
DJ Software
Scanpst.exe
A3 Multifunction
Electricity Prices
Texas Electricity
Electricity Rates in Texas
Electric Companies in Texas
Web Design Geelong
SellSimple
MSN
Wallpapers
NewsApp Portal
Recover files from recycle bin

[Welcome to SCforum.info - Security [CENTRAL] Forum]

Welcome to SCforum.info - Security [CENTRAL] Forum, a home of the SCF Community devoted to provide Computer related News, Alerts, Downloads and FREE Help in such a way that even the novice computer user can understand.

Getting started using our community is extremely easy, check the two steps below:

Step 1: Create an account by clicking here and wait for approval from Administrator. It's completely free with no hidden strings attached.

Step 2: If you have a computer problem and need some help, or just want to take part in opened discussions, simply browse Forum. Once you *Register an account, you can quickly post your questions and comments.

(*Registered Members get: free support, also, they can communicate privately with other members via PM, removal of this message, see fewer ads and much more...)

[Pez]

HTC Android users beware! Attackers have created rogue applications that when downloaded can steal your phone’s Wi-Fi credentials and passwords. Be careful which applications you download and read other users’ reviews first. If you think your phone has already been compromised, visit HTC’s support site for help.
 
Exposed 802.1X credentials can be picked off by rogue applications

A group of HTC Android phones is susceptible to an exploit that can steal Wi-Fi credentials and passwords and send them to attackers.
 
The exploit relies on attackers creating rogue applications to take advantage of vulnerabilities in the Android build HTC uses on some of its phones, according to a post by the United States Computer Emergency Readiness Team (US-CERT).
 
Users with affected phones should go to HTC's support site for software updates, US-CERT says.
 
The affected Android builds expose 802.1X passwords to applications on the phones that have permission to access the Wi-Fi state of the phone. The flaw doesn't allow access to the 802.1X settings themselves, it does allow viewing Wi-Fi credentials, according to a description of the flaw at the My War With Entropy blog by Bret Jordan.
 
So an application could gain access to stored SSIDs of Wi-Fi networks, user names and passwords. If the application also has Internet-access privileges, it could send along the stolen credentials to attackers.
 
If the stolen credentials are for corporate networks, they could be used to target data on those business networks, Jordan writes.
 
According to US-CERT, affected phones are:
 ■Desire HD (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40
■Glacier - Version FRG83
■Droid Incredible - Version FRF91
■Thunderbolt 4G - Version FRG83D
■Sensation Z710e - Version GRI40
■Sensation 4G - Version GRI40
■Desire S - Version GRI40
■EVO 3D - Version GRI40
■EVO 4G - Version GRI40
 
HTC and Google were told about the flaw last September and have been working to fix the problem and arrange for public disclosure. Jordan describes the companies as responsive and good to work with.

Orginal article: http://www.infoworld.com/d/mobile-technology/htc-android-phones-can-leak-wi-fi-passwords-185542

---

TIPS: Tricks for upgrading your Android phone  


--- edited by Admin ---

[Samker]

It's also good idea for all Android users to immediately install some Anti-Virus... here they have few excellent FREE solutions: http://scforum.info/index.php/board,28.0.html