A serious vulnerability that affected the way some popular HTC Android phones handle 802.1x usernames, passwords, and SSIDs was disclosed publicly today by engineers Chris Hessing and Bret Jordan. The bug allowed applications with only an ACCESS_WIFI_STATE permission to read your Wi-Fi SSIDs, usernames, and, most importantly, passwords on at least the following devices:
Desire HD (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40
Glacier - Version FRG83
Droid Incredible - Version FRF91
Thunderbolt 4G - Version FRG83D
Sensation Z710e - Version GRI40
Sensation 4G - Version GRI40
Desire S - Version GRI40
EVO 3D - Version GRI40
EVO 4G - Version GRI40
Of course, if a malicious application also happens to have access to the Internet, SMS, or other means of sending out information, credentials could leak out from a vulnerable device to a remote location.
Koushik Dutta, the mastermind behind ClockworkMod recoveries and other goodies, has been hard at work today after releasing the initial beta versions of the new Touch iteration of CWM for the Nexuses. "What was he doing?" you may ask. Adding support for more devices, one by one. They are, as of this moment:
HTC EVO 4G
HTC EVO 3D (CDMA/GSM)
HTC Desire GSM
HTC Desire HD
Update #1: HTC Thunderbolt added
Motorola Atrix 4G
and, of course, Galaxy Nexus (CDMA/GSM) and Nexus S/S4G that we already knew about
This article deals with a couple of advanced topics.
We've been hearing about the HTC Ville, which should be set for an announcement at Mobile World Congress next month, since November of last year. The guys at HTC Hub recently spent some hands-on time with this upcoming mid-ranger and shot some video showing what it's all about. Prepare to be underwhelmed.
The original video (found at HTC Hub) has been made private, so we found an alternative.
Considering the low video quality, it's hard to say exactly what has been changed in Sense 4 compared to previous versions, aside from the pretty animations.
Verifying a rumor put out by BGR over a month ago, HTC has announced after a dismal end to 2011 (net profits fell 26% last quarter) that the company will be changing its handset strategy to focus on fewer, "hero" devices in the coming year. The problem of excessive handset iteration is one I've opined on before. It is a problem, and while it's unlikely that HTC's balance sheet woes were even in majority caused by the large number of handsets they released, making fewer models is certainly a way to cut costs and increase the amount of attention that goes into each product.
A software update for the HTC Rezound is coming soon, according to Verizon's support page for the device. Hoping it's the update Rezound owners have been waiting for - you know, the one to ICS? Sorry to burst your bubble, but there's nothing to it but minor bugfixes and changes. But hey, you can't complain about them fixing things in the interim, can you? The update bumps things up to version number 2.01.605.11 and baseband 0.95.00.1118r.
In the tech world, devices come and go fairly often. Once it's determined that a device has worn out its welcome, it ends up where no one wants to be: on the EoL (end-of-life) list. The latest EoL list to make it way into the mainstream is from Sprint, and it looks like the HTC EVO View 4G will be phased out beginning on January 29th.
The EVO View 4G will be joined by a few other random devices, including the Blackberry Playbook and the phone that will not die - the EVO 4G.
If you didn't know, HTC has promised to provide bootloader unlock support for all devices released after September of 2011 as well as many others released before, and they have been keeping good on that promise with added support for many devices over the last few months.