Share this Story

Some HTC Handsets Including the Thunderbolt had a WiFi Security Issue, May Have Already Been Fixed

Another security hole has been made public that affected a number of HTC handsets, including the Thunderbolt. The issue was first discovered back in September of 2011 and was then patched in most of the handsets through OTA updates without any of you knowing. The vulnerability had to do with the way some of their handsets connect securely to WiFi networks, potentially leaving your password available.

A list – from what we can tell – of devices that have already been updated is not available at this time. HTC has asked that we all check back next week to see whether or not your phone has already been fixed or if you need to manually patch your phone yourself.

Via:  TheNexWeb, HTC

  • Tice891

    I had to return my thunderbolt just 16 days ago inexplicable the WI-FI just stopped working, and could not be fixed even after letting the pros look at it. I was forced to receive a refurbished phone through the mail.

  • Matthew Rosidivito

    When are manufactures going to realize that they should just stay in hardware and leave the software to Google? Nobody ever bought a Thunderbolt or a Sensation because it had Sense on it.

  • Ray

    @Michael_NM:disqus ..my roomate’s sister-in-law made $9,145 last month. she works on the internet and drives a Mercedes-Benz R172. All she did was get lucky and follow the information you can find here..nipp.me/bfl

    • Matthew Rosidivito

      Your roomates sister-in-law is a prostitute. Edit: Oh, a Benz? Pornstar.

  • Anonymous

    HTC must have some serious internal communication problems if it’s going to take a week for them to provide a list of “secure” phones.

  • So in other words Sense still sucks and Sense is a Security risk.  Go go AOSP FTW!

  • Anonymous

    why make this public if they’re not ready to say who may still be affected?  in fact, why make this public at all?  why not just fix it and push it under the rug?  is it so the guys who found it can get a pat on the back?

    • Anonymous

      So people know their information may be at risk. Psn waited a week before they even announced the breach and the fact that people credit cards may have been compromised.

      • Anonymous

        yeah, but from what i’ve read there have been no apps that took advantage of this, even google scanned the market.  so what i mean is, if it’s been determined that no one else was aware of this issue, why not just let it go by without telling the public, and then include the fix in the next device update and roll it out as soon as possible?

        as of right now, there could be phones that haven’t yet received a fix, and then ones that did where the people just don’t update their phones.  without saying something like “it’s their own damn fault”.. why expose them by releasing it publicly, I mean?  i know a bunch of people who don’t know how to update their apps in the market, let alone the OS.

    • Josh Groff

       You’re right, this is so much worse than any problems Samsung or Motorola have had… At least the phone functions…

      • Anonymous

        my point would stand for samsung, motorola, or anyone having security issues like this.  jerkoff say what?

        • Josh Groff

           Fixing it and not disclosing it as a problem would be shady, and unlike some companies, HTC admits when they’re at fault.

    • Because HTC wasn’t the one to find and release said bug to the public.  Per the source article:

      “Researchers Chris Hessing and Bret Jordan found that any Android application on an affected HTC handset with the android.permission.ACCESS_WIFI_STATE permission would be able to call upon the .toString() command in the WifiConfiguration class to view all credentials of a Wi-Fi network.”

      • Anonymous

        i know that.  i mean, why would HTC or these security guys risk people being exposed, if no one else knew about the issue besides them.  based on the articles i’ve read about this, only they knew.  you’d think the smart decision would be to fix it asap and go about your day.

        you know someone’s out there right now working on an app that’ll take advantage of this for people who didn’t get the update or chose not to update.  and it would be because they’re being informed publicly about it now.

        • Tom

          It’s always like this. Researchers get fame and also a bullet mark in their resume. Many even make it public after giving companies a very short peroid to provide a fix as an “encouragement” to fix it faster.

          Companies also need to do public damage control once a researcher decides to publicize the security hole.