HTC admits it knew about Android smartphone WiFi flaw

Several months ago, some security researchers found a flaw in some of HTC's Android-based smartphones that allowed the phone's WiFi hardware to leak SSID and password information to hackers. HTC was told about this problem but basically ignored the flaw. This week, HTC finally admitted to the issue and said it would release patches for the smartphones that had the WiFi flaw.

So why did HTC wait months before admitting to the problem and fixing it? Engadget got a statement from the company which basically said they wanted to develop a fix before alerting consumers to the issue. The full statement is as follows:

HTC takes customer data security very seriously. If there is a known breach of sensitive customer data, our priority is customer notification along with corrective actions. It is our policy, and industry standard procedure, to protect customers, which sometimes necessitates not increasing data security risks by disclosing minor breach issues where no malicious applications are detected. In those cases, premature disclosure of vulnerabilities could spur creation of malicious apps to take advantage of any vulnerability before it is fixed. For this specific WiFi bug issue, we worked closely with Google and the security researchers from the date of notification and throughout this process to ensure that the majority of affected HTC phones had already received the fix prior to the vulnerability being made public.

HTC's support page states that most of their Android phones have had the WiFi flaw fixed via an automatic update but that some of their phones will need to be manually updated to deal with the issue. It adds, "Please check back next week for more information about this fix and a manual download if you need to update your phone."

Report a problem with article
Previous Story

Stephen Toulouse announces his resignation from Microsoft

Next Story

Facebook emulates Google+ photo viewer

14 Comments

Hmm, read the other day that the myTouch 3g...old phone...was getting a OTA update but there was no details. Wonder if this was it.

ShareShiz said,
"allowed the phone's WiFi hardware to leak SSID and password information"

EPIC FAIL

Well it's Android, what are you expecting?

Anthonyd said,
Well it's Android, what are you expecting?

Not all phone manufacturers are the same. And no device is 100 percent secure

Edited by techbeck, Feb 3 2012, 8:53pm :

alexalex said,
Contrary to HTC , hackers hasn't deliberately kept it quiet.

Hackers were the ones who brought it to HTC's attention - and worked with them to keep it quite until HTC were ready to publicly disclose it.

"HTC has developed a fix for a small WiFi issue affecting some HTC phones." Apparently not a big thing, why worry? ;-)

Commenting is disabled on this article.