HTC Admits Critical Android Flaw, Will Release Fix Soon

Asia's second largest smartphone maker HTC has admitted that some of its Android powered handsets may suffer from a vulnerability that could leak users' Wi-Fi passwords.

Apparently, the vulnerability leaves the users' personal credentials totally exposed over the Wi-Fi network they are using to access the Web. The flaw was first identified by a pair of security researchers Bret Jordan and Chris Hessings and once they disclosed the details, it immediately drew HTC's attention.

According to the researchers, if an attacker could access the android.permission.INTERNET permissions, the result may turn out to be a devastating one for the victim as the hackers will easily be able to extract all the personal credentials stored on the device and then send them to a remote server on the Internet.

"When this is paired with the Internet access permissions, which most applications have, an application could easily send all stored Wi-Fi network credentials (user names, passwords, and SSID information) to a remote server," Jordan explained in a blog post, reports Channel News.

HTC has stated that while most of the handsets will automatically patch the glitch, others will be requiring a manual fix.