802.1X password exploit on many HTC Android devices

February 1, 2012 By

Summary: This flaw exposes enterprise-privileged credentials in a manner that allows targeted exploitation

www.1and1.com

Information At A Glance
  • Source – open1x.org Security Announcement
  • Version/Dependency – See Miscl. Section Below
  • Developer – HTC (mfg)
  • Severity – CRITICAL
Summary
Researchers (listed below) reported the following ——————————————————————–

“There is an issue in certain HTC builds of Android that can expose the user’s 802.1X Wi-Fi credentials to any program with basic WI-FI permissions. When this is paired with the Internet access permissions, which most applications have, an application could easily send all stored Wi-Fi network credentials (user names, passwords, and SSID information) to a remote server. This exploit exposes enterprise-privileged credentials in a manner that allows targeted exploitation.

The researchers have have verified the following devices as having this issue (there may be others including some non-HTC phones):
  • Desire HD  (both “ace” and “spade” board revisions) – Versions FRG83D, GRI40
  • Glacier – Version FRG83
  • Droid Incredible – Version FRF91
  • Thunderbolt 4G – Version FRG83D
  • Sensation Z710e – Version GRI40
  • Sensation 4G – Version GRI40
  • Desire S – Version GRI40
  • EVO 3D – Version GRI40
  • EVO 4G – Version GRI40
Fix / Corrective Action(s)
See : http://www.htc.com/www/help/
See Also: CVE-2011-4872
Miscellaneous
Credit (per announcement)

Chris Hessing from The Open1X Group (http://www.open1x.org) who is currently working on Android, iOS, Windows, Mac OSX, and Linux 802.1X tools for Cloudpath Networks (http://www.cloudpath.net/) discovered this password exploit.

IDrive Remote Backup


Disclaimer: Salvus Alerting provides timely industry related information to its subscriber community and visitors for informational purposes only and makes every effort to distribute accurate and reliable information. Any information provided, is considered “as-is” and the subscriber and/or visitor assumes all responsibility for its uses. Salvus Alerting disclaims all warranties with regard to the information being provided, including all implied warranties of merchantability and fitness. In no event shall Salvus Alerting be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other legal action, arising out of or in connection with the use or performance of this information being provided. Salvus Systems and Salvus Alerting is a wholly owned and operated by FactNgN, LLC. – as of 02/01/2012
Filed Under: Android-HTC, Latest SalvusAlerts, Mobile Tagged With: , ,