Feb. 2, 2012 at 11:23 AM ET
Handset maker HTC has acknowledged that a security flaw affecting several of the company's popular wireless devices allows malicious apps to steal users' Wi-Fi passwords. A fix for the issue has been developed and even deployed via software update to many of the affected devices.
The Next Web reports that this particular flaw was first discovered by researchers Chris Hessing and Bret Jordan. The two reportedly came across the issue in Sept. 2011, but did not publicly disclose it before HTC and Google had the opportunity to establish the cause of the problem and begin issuing a fix.
The issue, which is more accurately described as a security risk, is that a user's Wi-Fi credentials could be harvested by an app which is designed for that purpose. This would mean that such an app would have to be installed on a user's device in order for his or her Wi-Fi credentials to be at risk.
According to the U.S. Computer Emergency Readiness Team (US-CERT), the devices affected by the security flaw include the Desire HD, Glacier, Droid Incredible, Thunderbolt 4G, Sensation Z710e, Sensation 4G, Desire S, EVO 3D and EVO 4G. The myTouch3g and the Nexus One have "been reported as not affected."
HTC's Help Center explains that most of the affected devices have already received the necessary fix "through regular updates and upgrades." Some devices will need to have the fix "manually loaded" though and the company will provide details on that process next week.
Related stories:
- How to properly celebrate Change Your Password Day
- Facebook glitch reveals private photos — including Zuckerberg's
- Blog: 'Apple bug let us spy on stranger's iPhone'
Want more tech news, silly puns, or amusing links? You'll get plenty of all three if you keep up with Rosa Golijan, the writer of this post, by following her on Twitter, subscribing to her Facebook posts, or circling her on Google+.