WiMax security flaw discovered in HTC EVO devices

Only recently did HTC and Sprint start to roll out an update that supposedly fixes the security flaws that was discovered a while back. However it looks like HTC may have to issue another security update, this time for their devices that are WiMax enabled, meaning the HTC EVO family of smartphones. According to TrevE, the developer who discovered this flaw:

“Those of you who enjoy the speeds of WiMax on their 4G enabled devices are doing so with an inherent risk. It turns out that WiMax is even more open than the HTC logger app. The more technical details are basically that an attacker who gains control over this can potentially manipulate data connectivity and to go even as far as being able to completely reprogram your device’s CDMA parameters remotely! This is done through two open ports that basically require no authentication and just as before, the only thing required for a malicious app to do anything is INTERNET permission. The other interesting thing that came out of this discovery is that apparently you can also send commands to the radio via the WiMaxmonitoring port, and sending a single coma can create an “out of bounds range exception” basically crashing your device.”

Apparently TrevE has already contacted HTC, and according him HTC is already working on a fix for this. To see this flaw in action, you can check out the video here.