HTC has said it has fixed a security flaw that exposes its users' Wi-Fi credentials on its Android handsets.
The flaw had been discovered in September by two researchers, who claimed it could allow hackers to send all stored Wi-Fi network credentials, including usernames, passwords and SSID information, to a separate server.
On a note on its website, HTC said it had developed an update to fix the issue. It said: 'Most phones have received this fix already through regular updates and upgrades. However, some phones will need to have the fix manually loaded. Please check back next week for more information about this fix and a manual download if you need to update your phone.'
The researchers who discovered the flaw praised HTC for its action and said the manufacturer was 'very responsive and good to work with'.
In a separate statement, HTC said it had not disclosed the flaw for several months because it did not want to draw attention to the vulnerability. A spokesman said: 'HTC takes customer data security very seriously. If there is a known breach of sensitive customer data, our priority is customer notification along with corrective actions... For this specific Wi-Fi bug issue, we worked closely with Google and the security researchers from the date of notification and throughout this process to ensure that the majority of affected HTC phones had already received the fix prior to the vulnerability being made public.'