HTC admits to not disclosing security bug

Posted by Mike Luttrell

HTC has come forward to say that it decided to keep quiet about a recently uncovered glitch that exposed user's Wi-Fi data.

Last year, news broke that it was possible for malicious hackers to gain access to Wi-Fi credentials of other users, effectively allowing them to gain access to secured wireless networks.

However, HTC did not respond to requests for comment and seemed to be pushing it under the rug. But more and more news came out about the glitch, leading everyone to realize this was not just a fluke. Something was wrong with the phones' internal software.

Affected models included very popular devices like the Thunderbolt, Desire, and Evo 4G. It isn't until now that HTC is admitting there was a problem, but the company said it had been working behind-the-scenes since the first report surfaced.

In a statement received by Engadget, the company said, "HTC takes customer data security very seriously. If there is a known breach of sensitive customer data, our priority is customer notification along with corrective actions. It is our policy, and industry standard procedure, to protect customers, which sometimes necessitates not increasing data security risks by disclosing minor breach issues where no malicious applications are detected."

It continued, "In those cases, premature disclosure of vulnerabilities could spur creation of malicious apps to take advantage of any vulnerability before it is fixed. For this specific WiFi bug issue, we worked closely with Google and the security researchers from the date of notification and throughout this process to ensure that the majority of affected HTC phones had already received the fix prior to the vulnerability being made public."

See more about: