HTC says most phones have already received a fix through regular updates but other devices will require users to manually load the fix. HTC is moving quickly to squash a security flaw that could expose Wi-Fi credentials on the company’s Android phones.Using an app that takes advantage of this flaw, an attacker could harvest SSID names and passwords for all wireless networks that the phone has accessed. For average consumers, this isn’t a huge concern, but as researchers Chris Hessing and Bret Jordan note, the exploit “exposes enterprise-privileged credentials in a manner that allows targeted exploitation.”The affected phones are the Desire HD (both “ace” and “spade” board revisions) Versions FRG83D and GRI40; Glacier Version FRG83; Droid Incredible Version FRF91; Thunderbolt 4G Version FRG83D; Sensation Z710e Version GRI40; Sensation 4G – Version GRI40; Desire S – Version GRI40; EVO 3D Version GRI40; and EVO 4G Version GRI40. HTC’s MyTouch 3G and Google Nexus One are not affected.HTC has acknowledged the issue, and says most phones have already received a fix through regular updates. Other phones, however, will require users to manually load the fix. The company says it will have more information on the matter next week. Hessing and Jordan discovered the flaw in September, and worked with HTC and Google for months before revealing it publicly. “Google and HTC have been very responsive and good to work with on this issue,” the researchers wrote, noting that Google made code changes to better protect Wi-Fi credentials and scanned the Android Market for apps that might be taking advantage of the security flaw. (It found none.)Although a few other Android vulnerabilities have surfaced in the past, security flaws haven’t become a major issue for the platform, as they tend to get fixed before they become a danger to average consumers. The bigger concerns for Android users are mobile malware and invasive adware, which surface occasionally because of the open nature of the Android Market. Fortunately, a bit of common sense will keep most users safe from mobile security threats. Follow Jared on Twitter, Facebook or Google+ for even more tech news and commentary. Related content news Multibillion-dollar cybersecurity training market fails to fix the supply-demand imbalance Despite money pouring into programs around the world, training organizations have not managed to ensure employment for professionals, while entry-level professionals are finding it hard to land a job By Samira Sarraf Oct 02, 2023 6 mins CSO and CISO CSO and CISO CSO and CISO news Royal family’s website suffers Russia-linked cyberattack Pro-Russian hacker group KillNet took responsibility for the attack days after King Charles condemned the invasion of Ukraine. By Michael Hill Oct 02, 2023 2 mins DDoS Cyberattacks feature 10 things you should know about navigating the dark web A lot can be found in the shadows of the internet from sensitive stolen data to attack tools for sale, the dark web is a trove of risks for enterprises. Here are a few things to know and navigate safely. By Rosalyn Page Oct 02, 2023 13 mins Cybercrime Security news ShadowSyndicate Cybercrime gang has used 7 ransomware families over the past year Researchers from Group-IB believe it's likely the group is an independent affiliate working for multiple ransomware-as-a-service operations By Lucian Constantin Oct 02, 2023 4 mins Hacker Groups Ransomware Cybercrime Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe