# Another HTC Device Security Issue



## xpiatio (Aug 26, 2011)

http://www.androidpolice.com/2012/02/01/public-disclosure-vulnerability-in-htc-android-devices-exposed-wi-fi-credentials-to-apps-which-knew-how-to-ask-but-thankfully-didnt/

from the article:
A serious vulnerability that affected the way some popular HTC Android phones handle 802.1x usernames, passwords, and SSIDs was disclosed publicly today by engineers Chris Hessing and Bret Jordan. The bug allowed applications with only an ACCESS_WIFI_STATE permission to read your Wi-Fi SSIDs, usernames, and, most importantly, passwords on at least the following devices:
Desire HD (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40
Glacier - Version FRG83
Droid Incredible - Version FRF91
Thunderbolt 4G - Version FRG83D
Sensation Z710e - Version GRI40
Sensation 4G - Version GRI40
Desire S - Version GRI40
EVO 3D - Version GRI40
EVO 4G - Version GRI40


----------



## xpiatio (Aug 26, 2011)

Sorry, meant to post this in the general section. - mods can you move?


----------



## cuguy (Jul 13, 2011)

How do I check for my phone's version?


----------



## johndoe86x (Jul 25, 2011)

cuguy said:


> How do I check for my phone's version?


Yes. How do you check?
Sent from my ADR6400L using Tapatalk


----------



## tburns (Jan 5, 2012)

If you have setcpu on your phone, go to info and select device. Its shown there. I have the one listed







.


----------



## pathcafe (Jul 22, 2011)

xpiatio said:


> http://www.androidpo...ankfully-didnt/
> 
> from the article:
> A serious vulnerability that affected the way some popular HTC Android phones handle 802.1x usernames, passwords, and SSIDs was disclosed publicly today by engineers Chris Hessing and Bret Jordan. The bug allowed applications with only an ACCESS_WIFI_STATE permission to read your Wi-Fi SSIDs, usernames, and, most importantly, passwords on at least the following devices:
> ...


For those running Sense UI, not AOSP. Right?


----------



## cuguy (Jul 13, 2011)

tburns said:


> If you have setcpu on your phone, go to info and select device. Its shown there. I have the one listed
> 
> 
> 
> ...


Woot ! mine isn't listed


----------



## 00negative (Jul 25, 2011)

cuguy said:


> How do I check for my phone's version?


Think it shows in settings. In the software info.

Sent from my iPhone 4s using Tapatalk


----------



## 00negative (Jul 25, 2011)

pathcafe said:


> For those running Sense UI, not AOSP. Right?


From what I have read its only sense.

Sent from my iPhone 4s using Tapatalk


----------



## xpiatio (Aug 26, 2011)

Per this article, HTC kept quiet about it for 5 months. . . . consumer confidence falters. . . http://www.engadget.com/2012/02/03/htc-acknowledges-wifi-security-flaw-says-it-deliberately-kept-i/


----------



## RCMarks314 (Sep 9, 2011)

Unless you're on a Froyo build I don't think you have anything to worry about.


----------

