HTC smartphones have a glitch that could expose the owner's Wi-Fi password and SSID to a malicious apps running on the phones. A fix has already been sent out to many model smartphones. Others will have update their smartphones manually.
Models affected include the Droid Incredible, HTC Thunderbolt 4G, HTC Sensation, HTC Sensation 4G , Desire S, EVO 3D, and EVO 4G. The MyTouch 3G and Nexus One are not affected.
HTC requested that users check back next week for more information about the fix and a manual download for updates. Newer versions of the Android have greater security functionality. It has been months since the flaw was first discovered.
Chris Hessing reported:
"There is an issue in certain HTC builds of Android that can expose the user's 802.1X Wi-Fi credentials to any program with basic WI-FI permissions. When this is paired with the Internet access permissions, which most applications have, an application could easily send all stored Wi-Fi network credentials (user names, passwords, and SSID information) to a remote server. This exploit exposes enterprise-privileged credentials in a manner that allows targeted exploitation.
Although the published Android APIs don't provide access to the 802.1X settings, it is possible to view the settings with the .toString() member of the WifiConfiguration class."
Nice post! Keep up the informative work!