HTC Admits Android Wi-Fi Password Leak Flaw -- Fix Already in Progress

By Gary Cutlack on at

HTC has moved rather quickly to calm the latest Android security scare, which has found that several models of HTC Android phone may be open to revealing the user's Wi-Fi password under certain circumstances.

The discovery of the HTC Wi-Fi password exploit was only made public yesterday, despite first being discovered by researchers back in September of 2011. The guys who found it approached HTC and Google with their findings before going public, enabling the companies to begin working on and circulating a fix.

Here's HTC's statement on the issue:

HTC has developed a fix for a small WiFi issue affecting some HTC phones. Most phones have received this fix already through regular updates and upgrades.However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone.

According to the blog published by the finders of the leak, models at risk of exploitation include the HTC Desire HD, Sensation, Desire S, EVO 3D and several other US-only Android phones.

The leak is very much a technical proof-of-concept that may happen rather than something that's actually been happening, though, with a very specific set of technical requirements needed in order for your password to actually make it out. [TNW]