Using an app that takes advantage of this flaw, an attacker could harvest SSID names and passwords for all wireless networks that the phone has accessed. For average consumers, this isn’t a huge concern, but as researchers Chris Hessing and Bret Jordan note, the exploit “exposes enterprise-privileged credentials in a manner that allows targeted exploitation.”
The affected phones are the Desire HD (both “ace” and “spade” board revisions) Versions FRG83D and GRI40; Glacier Version FRG83; Droid Incredible Version FRF91; Thunderbolt 4G Version FRG83D; Sensation Z710e Version GRI40; Sensation 4G – Version GRI40; Desire S – Version GRI40; EVO 3D Version GRI40; and EVO 4G Version GRI40. HTC’s MyTouch 3G and Google Nexus One are not affected.
HTC has acknowledged the issue, and says most phones have already received a fix through regular updates. Other phones, however, will require users to manually load the fix. The company says it will have more information on the matter next week.
Hessing and Jordan discovered the flaw in September, and worked with HTC and Google for months before revealing it publicly. “Google and HTC have been very responsive and good to work with on this issue,” the researchers wrote, noting that Google made code changes to better protect Wi-Fi credentials and scanned the Android Market for apps that might be taking advantage of the security flaw. (It found none.)
Follow Jared on Twitter, Facebook or Google+ for even more tech news and commentary.