HTC acknowledges that some Android devices may have leaked WiFi passwords

Summary:Patches inbound ... although not all will be applied automatically.

HTC has acknowledged that a flaw on some of its Android handsets may have leaked WiFi passwords of networks they were joined to.

The issue was initially bought to light by security researchers Chris Hessing and Bret Jordan, who discovered that any Android applications on an affected handset with access to the android.permission.ACCESS_WIFI_STATE permission were able to view all credentials of a WiFi network. It is also possible that applications could have collected this information and returned it back to the bad guys, although no evidence exists that this has happened.

The following handsets are affected:

  • Desire HD (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40
  • Glacier - Version FRG83
  • Droid Incredible - Version FRF91
  • Thunderbolt 4G - Version FRG83D
  • Sensation Z710e - Version GRI40
  • Sensation 4G - Version GRI40
  • Desire S - Version GRI40
  • EVO 3D - Version GRI40
  • EVO 4G - Version GRI40

The following are NOT affected:

  • myTouch3g
  • Nexus One

HTC has acknowledges the issue on its support site:

HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone.

It might also be a good idea to change your WiFi password, just to be on the safe side.

Topics: Mobility, Networking


Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.Adrian has authored/co-authored technic... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.