Sprint has begun a round of firmware updates for all of its current HTC Android phones. The firmware update fixes a vulnerability in the HTC Sense user interface that could allow a hacker to access Android user data from their device.
Specifically, updates will begin to be made available today for the EVO 4G, EVO 3D, EVO Shift 4G, EVO Design 4G, EVO View 4G and Wildfire S.
The carrier is taking also encouraging users that want the update immediately to begin going to Settings > System Updates > HTC Software Update > Check Now. However, all users will eventually receive automatic update push notifications in waves, which also will begin going out today.
HTC Sense uses Internet-based Android widgets that have been the target of security experts and hackers, with a man-in-the-middle attack. Especially on a Wi-Fi hotspot, a nefarious hotspot could redirect HTC Sense server addresses to resolve to a malicious server, which in turn would send requests to the HTC device in order to hack it.
Once the server-side redirection is in-place, the vulnerability would allow for the widget to automatically pull down the affected code, and potentially trigger arbitrary code execution. Once an application executes, all user data on the device could potentially be accessed, with few limitations.
HTC and Sprint encourage all users update as soon as possible to avoid this vunerability. Read more for the full note from Sprint.
HTC devices, including HTC EVOâ„¢ 4G, HTC EVOâ„¢ 3D, HTC EVO Shiftâ„¢ 4G, HTC EVO Design 4Gâ„¢, HTC EVO View 4Gâ„¢ and HTC Wildfire Sâ„¢, will receive over-the-air updates starting today. Customers can download the update manually right away by following the instructions below.
Sprint worked closely with HTC after reports emerged of a potential issue that could allow malicious third-party apps to compromise data on Androidâ„¢ devices made by HTC.
Protecting customer privacy is a top priority at Sprint. Beginning today, HTC EVOâ„¢ 4G, HTC EVOâ„¢ 3D, HTC EVO Shiftâ„¢ 4G, HTC EVO Design 4Gâ„¢, HTC EVO View 4Gâ„¢ and HTC Wildfire Sâ„¢ customers will receive the over-the-air software update to address this situation. We urge all users to install the update promptly.
Update notifications will be sent to users in waves. The notification will let users know the update is available and provide the easy, over-the-air download instructions:
Users will receive a notification the software update is available for download.
Once users have downloaded the update, they will be prompted to install the update. Users will be notified that their devices will be disabled during the installation process. The phones will be ready to use once the process is complete.
Beginning today, customers can manually download the update by going to Settings >System updates > HTC software update > Check Now