A serious vulnerability that affected the way some popular HTC Android phones handle 802.1x usernames, passwords, and SSIDs was disclosed publicly today by engineers Chris Hessing and Bret Jordan. The bug allowed applications with only an ACCESS_WIFI_STATE permission to read your Wi-Fi SSIDs, usernames, and, most importantly, passwords on at least the following devices:
Desire HD (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40
Glacier - Version FRG83
Droid Incredible - Version FRF91
Thunderbolt 4G - Version FRG83D
Sensation Z710e - Version GRI40
Sensation 4G - Version GRI40
Desire S - Version GRI40
EVO 3D - Version GRI40
EVO 4G - Version GRI40
Of course, if a malicious application also happens to have access to the Internet, SMS, or other means of sending out information, credentials could leak out from a vulnerable device to a remote location.
We've been hearing about the HTC Ville, which should be set for an announcement at Mobile World Congress next month, since November of last year. The guys at HTC Hub recently spent some hands-on time with this upcoming mid-ranger and shot some video showing what it's all about. Prepare to be underwhelmed.
The original video (found at HTC Hub) has been made private, so we found an alternative.
Considering the low video quality, it's hard to say exactly what has been changed in Sense 4 compared to previous versions, aside from the pretty animations.
Our own Justin Case has been collaborating with Reid Holland (erishasnobattery) on TacoRoot – a tool that should root just about any HTC smartphone – for some time now, and with the recent additions to HTC’s official unlocking tool, they’ve decided to release it.
At the moment, it’s quite gnarly – it’s only a temporary root for now, and there are various issues with it (see below). That said, it’s incredibly useful for downgrading phones like the myTouch 4G, which can’t be unlocked or rooted with the most recent version of their software.
Update #1: The full flashable stock RUU (it's not rooted and will most likely wipe your data) has been leaked. It can be used by developers or users to roll back to stock 2.11.605.9. You can download it from our mirror here (MD5: 013cbdd3a9b28bc894631008fa2148e2).
Update #2: This update breaks revolutionary at the moment, but a fix is on its way.
Although it wasn't among the select few HTC devices confirmed to be receiving Ice Cream Sandwich, we have reasons to believe that T-Mobile's myTouch 4G will indeed be receiving the update in early 2012, according to an HTC customer support representative. Here's the original message:
First I want to thank you for the amazing job you've done building and maintaining my phone. It's my favorite phone I've ever owned by far. I'm incredibly excited for android 4.0 (Ice cream sandwich) and am really hoping for the update to come to the T-mobile mytouch 4g. I absolutely love the phone and don't want to replace it with another. I'm emailing to request that the T-mobile mytouch 4g be put on the forefront of update candidates. Thank you again.
Trevor Eckhart, a developer involved in uncovering a huge security vulnerability that affected several HTC devices, was recently threatened by Carrier IQ (CIQ), a company involved in gathering various forms of user data and sending it to carriers or manufacturers for analysis. For those who haven't been following the story, here's what happened:
Trevor Eckhart found several training manuals on CIQ's website. These were publicly available. Trevor shared them with the community, explaining just how far-reaching CIQ's data collection practices are.
If you don't know who Trevor Eckhart is, you might remember a little piece we published earlier this year about a massive HTC data vulnerability caused by the company's data-logging operations. Trevor was the guy who found that vulnerability and did almost all of the legwork in investigating it. Since then, Trevor has been hard at work looking at more mobile data logging applications used by various manufacturers, including one written by a company called Carrier IQ.
Amazon Wireless, one of our favorite online mobile retailers, launched its Black Friday promotions a little early this year, and boy are they good!
Did I say good? I meant absolutely incredible (though, unfortunately, only for new customers): every single phone at Amazon Wireless sold by Verizon Wireless, AT&T, and Sprint is going for just 1 penny.
Yup, even such $299 monsters as the HTC Rezound 4G and the DROID RAZR, along with the Galaxy S II variants (including the Skyrocket) are all priced down to a cent above free.
We've been hearing information about the HTC Rezound (codenamed Vigor) for quite a while now, and HTC just officially took the wraps off of this beasty. Like most other new HTC devices, it's packed with Beats by Dre, and, similar to the Sensation XE, has those wicked red capacitive buttons. It's quite impressive in terms of hardware spec:
4.3-Inch 720p (1282*720) display
1.5GHz dual-core Snapdragon processor
16GB built-in storage, 16GB microSD card
8P camera, 2MP front cam
Beats by Dre
4G LTE with simultaneous voice/data capabilities (like the Thunderbolt)