engine - 12:33 pm on Feb 2, 2012 (gmt 0)

Some HTC Handsets May Expose Security Credentials On WiFi Connections [thenextweb.com]

HTC has acknowledged a flaw in the way that some of its handsets handle specific Android requests may expose the security credentials on Wi-Fi networks they are connected to. Researchers Chris Hessing and Bret Jordan found that any Android application on an affected HTC handset with the android.permission.ACCESS_WIFI_STATE permission would be able to call upon the .toString() command in the WifiConfiguration class to view all credentials of a Wi-Fi network. If combined with the android.permission.INTERNET permission, attackers could then harvest the details and send them to a remote server on the Internet.