Good and EVO

HTC admits to previous WiFi vulnerability in HTC EVO 4G and EVO 3D

Wifi-bugHTC admitted yesterday that several of its devices, including the HTC EVO 4G and EVO 3D, were affected by yet another security bug, which allowed any app that requested access to WiFi permissions to read WiFi usernames, passwords, and SSIDs.

However, Google and HTC seem fairly certain that no confidential WiFi information has actually been compromised: this bug was first reported privately to both Google and HTC over four months ago, giving both companies more than enough time to find the problem and roll out software updates to fix it. Additionally, Google completed an in-depth scan of the entire Android Market and found that no apps made use of this particular exploit.

So while it's comforting to know that both the EVO 4G and EVO 3D have been patched, it's still disconcerting to discover that a bug like this existed in the first place. Props to HTC and Google for taking action, but let's try to not have a repeat, ok?

[Android Police] Thanks, Jenella and David!

Pocketables does not accept targeted advertising, phony guest posts, paid reviews, etc. Help us keep this way with support on Patreon!
Become a patron at Patreon!

John F

John was the editor-in-chief at Pocketables. His articles generally focus on all things Google, including Chrome and Android, although his love of new gadgets and technology doesn't stop there. His current arsenal includes the Nexus 6 by Motorola, the 2013 Nexus 7 by ASUS, the Nexus 9 by HTC, the LG G Watch, and the Chromebook Pixel, among others.

Avatar of John F

11 thoughts on “HTC admits to previous WiFi vulnerability in HTC EVO 4G and EVO 3D

  • When was it fixed? Us rooted folk don’t take OTA updates very seriously.

    Reply
  • Avatar of OG EVO 4G

    EVO 4G wasn’t one of them on the list

    Reply
  • We don’t know which update fixed it. But if you’re on a good ROM, your developer should have already updated it to the latest OTA, so you should hopefully be ok.

    Reply
  • Umm props?
    So you’re telling us that we should give htc props? Why didn’t they release this to their customers? BS

    Reply
  • Avatar of hidroid

    So carrier iq, the wi-max security issue and now this. I’m sorry to say that I think I’ve purchased my last htc device.

    Reply
  • Probably because they wanted to insure the vast majority of people had accepted the OTA that patched it before they disclose it… Specially since Google took the time to do an investigation and found no apps that abused the hole. Personally, I can’t say I fault them, at least not without a more detailed timeline of events.

    You might think four months is slow but if the patch went out one or two OTAs ago that’s actually a pretty quick turnaround given carrier validation etc. Other manufacturers could take upwards of a year to fix an exploit that no one knows about and no one’s using. (Samsung and Apple come to mind)

    Honestly, say what you will about Sense, but I’ve found that HTC is actually the most responsive and proactive Android manufacturer out there when it comes to software updates, in particular when it comes to their Sprint flagship phones… So yes, props to them both.

    Samsung still has first gen Galaxy S phones waiting for Gingerbread, Moto’s phones have at times being the hardest to hack (and Blur’s been consistently the worst Android skin/mod), and LG’s solid but they’ve released a few buggy phones (G2x?). My first EVO released upwards of half a dozen updates before I sold it a year later, and even the EVO 3D has gone thru three or four OTAs and it’s midway thru it’s life cycle.

    You really can’t day that for too many other phones… Don’t get me wrong, I usually root my phones right away and update via patched dev ROMs, but manufacturer updates still provide a lot of value.

    Reply
  • Frank, Ive been an htc fan since day 1. They are what got me to android and Ive been more vocal about supporting htc than any other manufactuter because of their speedy updates to newer android updates. However my issue is with your first statement about waiting to make sure people had accepted the OTA. That and the carrier iq fiasco is what is turning me off. The decision to wait is not fair to the consumer. It makes me think…what else are they waiting to tell us. That to me is unfair. Be responsible! Agree with your statement about quick turnaround time. However all this also leads me to believe that if google hadnt intervened, would htc have been proactive in sorting this out. Maybe all these are intertvined with htcs decisio to release fewer handsets per year. Less handsets…less time to debug all their holes.
    Ive jumped the htc ship after carier iq.

    Reply
  • Carrier Iq was in other android phones not just HTC ones.. Even iPhones had it

    Reply
  • I know that I’m just saying 3 security major security issues since June isn’t really making me feel to safe. I wonder if this bug is on my view too?

    Reply
  • Ok … have to redact my issue with this.
    Per HTC: In those cases, premature disclosure of vulnerabilities could spur creation of malicious apps to take advantage of any vulnerability before it is fixed.
    I can undertand WHY they didn’t want to disclose it.

    However, still loving my pure google experience on nexus.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *