Some time back HTC finally came ahead and acknowledged that a few of the Android phones manufactured by it had an issue which could let the user’s WiFi credentials get hacked along with WiFi SSID and security passwords. The information could be accessed by a malicious app that was running on these phones. Chris Hessing and Bret Jordan, who work as Security Architects, these two first discovered this vulnerability.
The issue arises from the fact that some of the models are letting an Android application which has standard permissions (like android.permission.ACCESS_WIFI_STATE) to access the stored WiFi credentials along with other information, usernames, security passwords. In fact with the permission android.permission.INTERNET, this app was able to send this list of stolen credentials to a remote server. This list of WiFi credentials can pose danger to your security, some of which are as follows –
Unauthorized & Unrestricted Access to WiFi Networks
Once someone gets the list of your WiFi credentials, they can easily access those WiFi Networks unauthorizedly and unrecognized. Be it your home or your office or your college campus, these WiFis are not longer safe then. In fact a hacker can then carry out malicious activities like getting Malware spread across the network or scanning it for personal informations and vulnerabilities that can be profited from.
In a time when many companies are encouraging and going down the BYOD (Bring Your Own Device) route, having access to one company’s WiFi means gaining access to the personal devices that are connected on that network. These personal devices thus then face serious security issues. Usually almost all the WiFi networks need security pass phrases or usernames with passwords, and thus these can provide access to exploit the vulnerabilities discovered. On the other hand, networks that require digital certificates or use SIM for authentication are comparatively safer.
Eavesdropping or Hijacking of Secure Networks
Once you lose the WiFi credentials of a network like WPA/WPA2-PSK, it can prove more dangerous than losing it for a network like WPA/WPA2-802.1x as all the WiFi clients which are present on the network will have same security phrase for the former case. Thus, when a hacker has gotten these SSID and security passphrases, they can go around all the communications that are taking place over the said WiFi network, and decode the encrypted ones.
These decoded conversations can then lead them to browser cookies, and even ongoing web sessions, which can thus be hijacked. As you know WPA/WPA2-PSK networks are particularly more popular with home networks as well as SOHO users, making them more susceptible to attacks, even when the information is encrypted, as once the hacker gets the stolen credentials, it is far more easy for them to take advantage of it.
These compromised WiFi networks can then be used by the hackers to launch man-in-the-middle attacks, which will basically leak private and secure information, data and can lead to malware installation. However, WPA/WPA2-PSK networks are way more at risk for having man-in-the-middle attacks, but the Hole196 can make it easy for hackers to carry out such attacks on WPA/WPA2-802.1x network also.
Personal & Sensitive Information Compromised
Using WiFi hotspots is a rather popular way of accessing internet for people while working or traveling or foraying into public spaces. Usually, such hotspots will have identity of locations in SSID, making losing WiFi credentials, along with SSID details, a trouble, which can in fact get third parties hoards of information – private and sensitive – about the user. It can even lead to crimes like stalking.
All the above risks that a user faces once their WiFi credentials are compromised, make this discovery extremely important. In a time like ours, when more and more people are using Android smartphones and WiFi networks all around the world, user security is a concern, now more than ever. Given the freedom that Android provides as a platform, these vulnerabilities can lead to much targeted and developed attacks against the compromised user devices.
You may note that a fix has been made available for this vulnerability and the manufacturer HTC has stated that a lot of devices have received the fix using standard updates, however some of the users might have to go down the manual route. Thus, this whole fiasco will fortunately, and hopefully, lead to acknowledging the risks that this vulnerability posed along with more aware users who would be forthcoming while installing apps on their devices.