As far back as September, stability researchers discovered a "critical" bug in many HTC Android handsets that exposed users' WiFi credentials to any hacker who cared to look. The flaw mannered recent devices like the Thunderbolt and EVO 4G all the way back to the Desire HD. The researchers speedily notified HTC, but the assembler waited a full five months before acknowledging the flaw publicly a few days ago. Sounds shady, perhaps, but HTC sent us a report clarifying that this is yardstick policy to protect customers. It says it waited to develop a fix before it alerted the big bad world to the vulnerability. Most newer devices have already received their fix OTA, but owners of some older phones -- we'll update this post when we know exactly which ones -- will need to check the HTC Support site for a manual update next week. Meanwhile, in the manufacturer's defense, the guys at the Open1X group who discovered the bug say that HTC was "very responsive and good to work with." Here's HTC's presentation to us:

"HTC takes 1995 by houghton mifflin harcourt publishing company. published by houghton mifflin harcourt publishing company. all rights reserved.view results from: dictionary | thesaurus | encyclopedia | all reference | the web
share this: data protector very seriously. If there is a known breach of tactful




roget's ii: the new thesaurusmain entryelicate
part of speech:adjective
definition:requiring great tact or skill.
ticklish 1995 by houghton mifflin harcourt publishing company. published by houghton mifflin harcourt publishing company. all rights reserved.view results from: dictionary | thesaurus | encyclopedia | all reference | the web
share this: data, our crash project is client notification along with corrective actions. It is our policy, and business test procedure, to protect customers, which on occasion necessitates not increasing data bail risks by disclosing minor breach issues where no envious applications are detected. In those cases, untimely exposure of vulnerabilities could spur institution of beastly apps to take head start of any vulnerability before it is fixed. For this particular WiFi bug issue, we worked closely with Google and the confidence researchers from the date of notification and all over this process to ensure that the majority of mannered HTC phones had already sanctioned the fix prior to the vulnerability being made public."

Update: We changed our inceptive heading to make it clearer that HTC deliberately kept quiet to protect its customers. We're doubtlessly not arraign HTC of any wrong-doing here.

HTC acknowledges long-running WiFi pledge flaw, says it kept it quiet to prevent exploits first appeared on Engadget on Fri, 03 Feb 2012 05:13:00 EDT. Please see our terms for use of feeds.

Permalink TheNextWeb  |  My War with Entropy, HTC Support  | Email this | Comments

More: - Read the rest here