HTC fixes Wi-Fi security issue in EVO 3D

Wi-Fi has been making a ton of progress lately as a mobile broadband alternative, though for at least the second time in recent months a Wi-Fi-related security vulnerability has come to light.

Mobile phone maker HTC admitted late last week that the HTC EVO 3D Android phone had a security vulnerability that could allow its Wi-Fi security information to be stolen by a hack attack. The company quickly issued an over-the-air update to address the problem. It also will have a manual update ready by next week for other HTC phones that can't accept the OTA solution.

The problem was actually discovered in September of last year, according to the site Technbloom, but HTC and Google (NASDAQ:GOOG) worked with the security researchers who discovered the issue to develop a fix for it before that publicly announced the potential weakness.

Without the fix, a malicious application with "ACCESS_WIFI_STATE" could gain permission to access to the Wi-Fi passwords of the networks to which the HTC EVO 3D was connected.  HTC also claimed that a bug taking advantage of the problem could not have done much worse than just steal Wi-Fi passwords.

News of the HTC vulnerability and fix comes less than two months after a security researcher discovered a key vulnerability in the Wi-Fi Protected Set-up mode for access points that allowed security PINs to be cracked more easily than previously thought.

These security issues are not related, but they do come at a time when Wi-Fi is experiencing something of a resurgence on the potential for Wi-Fi off-load scenarios, as well as the very robust 802.11ac standard under development.

For more:
- see this Technobloom post

Related articles:
Sprint and HTC pledged to rid the EVO 3D of Carrier IQ
Cisco urged users to disable WPS after a security flaw became known