An Interest In:
Web News this Week
- April 18, 2024
- April 17, 2024
- April 16, 2024
- April 15, 2024
- April 14, 2024
- April 13, 2024
- April 12, 2024
HTC acknowledges long-running WiFi security flaw, says it kept it quiet to prevent exploits
As far back as September, security researchers discovered a "critical" bug in many HTC Android handsets that exposed users' WiFi credentials to any hacker who cared to look. The flaw affected recent devices like the Thunderbolt and EVO 4G all the way back to the Desire HD. The researchers promptly notified HTC, but the manufacturer waited a full five months before acknowledging the flaw publicly a few days ago. Sounds shady, perhaps, but HTC sent us a statement clarifying that this is standard policy to protect customers. It says it waited to develop a fix before it alerted the big bad world to the vulnerability. Most newer devices have already received their fix OTA, but owners of some older phones -- we'll update this post when we know exactly which ones -- will need to check the HTC Support site for a manual update next week. Meanwhile, in the manufacturer's defense, the guys at the Open1X group who discovered the bug say that HTC was "very responsive and good to work with." Here's HTC's statement to us:"HTC takes customer data security very seriously. If there is a known breach of sensitive customer data, our priority is customer notification along with corrective actions. It is our policy, and industry standard procedure, to protect customers, which sometimes necessitates not increasing data security risks by disclosing minor breach issues where no malicious applications are detected. In those cases, premature disclosure of vulnerabilities could spur creation of malicious apps to take advantage of any vulnerability before it is fixed. For this specific WiFi bug issue, we worked closely with Google and the security researchers from the date of notification and throughout this process to ensure that the majority of affected HTC phones had already received the fix prior to the vulnerability being made public."
HTC acknowledges long-running WiFi security flaw, says it kept it quiet to prevent exploits originally appeared on Engadget on Fri, 03 Feb 2012 05:13:00 EDT. Please see our terms for use of feeds.
Permalink | ||CommentsOriginal Link: http://www.engadget.com/2012/02/03/htc-acknowledges-wifi-security-flaw-says-it-deliberately-kept-i/
Engadget
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics. Engadget was launched in March of 2004 in partnership with the Weblogs, Inc. Network (WIMore About this Source Visit Engadget