Heartbleed risk for Android devices: How to check if you’re affected

By Alexandra Burlacu | Apr 13, 2014 07:17 AM EDT

Share This Story

  • Print
  • Email

 

If you own an Android device, your data may be vulnerable to the Heartbleed bug, and more information now details how you can check whether you're at risk.

The Heartbleed bug has thrown a grenade onto the Internet security community, posing a huge threat to companies and users alike. For those of you unfamiliar with the issue, Heartbleed is a vulnerability in the openSSL software library, allowing hackers to steal sensitive data directly from the memory space of an application. The SSL/TLS connection produces heartbeats that the bug infiltrates, allowing attackers to learn the private keys that should keep data securely encrypted as it moves over the Internet.

Follow us

Major companies started to update their software to patch the bug as soon as the issue surfaced, but the Heartbleed bug affected a huge amount of websites and the potential damage is still of great proportions. Considering how popular SSL encryption is, researchers believe the bug affected as much as two-thirds of the Web, including mobile devices.

Apple, on its part, said that its iOS platform was not vulnerable to Heartbleed-based attacks, but things are quite different with Android devices. According to Google, vulnerable versions of openSSL are present in nearly all versions of AOSP from 4.1 and up. All except one had heartbeats turned off, however, which means that the risk is not that great. Android 4.1.1 is the only version that had the heartbeat feature turned on, leaving only devices running this version vulnerable to Heartbleed-based attacks.

On the other hand, if OEMs have switched the heartbeat feature back on within their device's software, those devices would be vulnerable as well. Thanks to newly-released information, now you can check whether your device or any of the apps installed on it are vulnerable to a Heartbleed attack.

Security company Bluebox has launched a Heartbleed Scanner app on the Google Play store, which is designed to run a quick check and determine whether your device is vulnerable or not.

"If you are concerned about the vulnerability of your device and apps then please run our scanner and then contact the manufacturer of your device and/or the developer of your apps to see if the version of OpenSSL is vulnerable," Bluebox explains.

The Bluebox Heartbleed Scanner can look for apps installed on your phone and see if they've bundled their own version of openSSL. The app will also check the version of the library and see whether heartbeat was enabled. If the scan finds any apps that show vulnerabilities, you can report them on the Google Play store and send an email to the app's developers (you can find the email addresses in the Play store listing). It is advisable to stop using the app that is found as vulnerable, as it may compromise your data. To run a quick scan and see whether your Android device is at risk, head over to the Google Play store at this link and get the Bluebox Heartbleed Scanner. 

 

 

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

© 2014 Mobile & Apps All rights reserved. Do not reproduce without permission.

Join Our Conversation

Smartphones
T-Mobile Samsung Gear S Samsung Gear S 3G smartwatch gets wearable-specific data plan on T-Mobile – Prices & options
‘World’s narrowest’ FHD smartphone display from LG is virtually bezel-free
Samsung Galaxy A3, Galaxy A5 break cover with full-metal unibody designs & more (VIDEO)
Droid Turbo global version launching on Nov. 5 as Moto Maxx?
Tablet / Laptop / PC
Dell Venue 7 and Venue 8 Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Gadgets
Amazon Logo Amazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC Logo HTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google Downtime Google blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
Flipboard for Windows Phone Flipboard for Windows Phone finally available, but requires 1GB of RAM (VIDEO)
Vine gets major update, lets you upload previously-shot videos & more (VIDEO)
BlackBerry Messenger (BBM) finally hits Windows Phone – Available as a free download now
Instagram releases Bolt ephemeral messaging app in select markets to challenge Snapchat
Copyright © 2014 Mobile & Apps All rights reserved. mobilenapps
Real Time Analytics