Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: bakedjake
HTC has acknowledged a flaw in the way that some of its handsets handle specific Android requests may expose the security credentials on Wi-Fi networks they are connected to.
Researchers Chris Hessing and Bret Jordan found that any Android application on an affected HTC handset with the android.permission.ACCESS_WIFI_STATE permission would be able to call upon the .toString() command in the WifiConfiguration class to view all credentials of a Wi-Fi network.
If combined with the android.permission.INTERNET permission, attackers could then harvest the details and send them to a remote server on the Internet.