Heartbleed risk for Android devices: How to check if you’re affected

By Alexandra Burlacu | Apr 13, 2014 07:17 AM EDT

Share This Story

  • Print
  • Email


If you own an Android device, your data may be vulnerable to the Heartbleed bug, and more information now details how you can check whether you're at risk.

The Heartbleed bug has thrown a grenade onto the Internet security community, posing a huge threat to companies and users alike. For those of you unfamiliar with the issue, Heartbleed is a vulnerability in the openSSL software library, allowing hackers to steal sensitive data directly from the memory space of an application. The SSL/TLS connection produces heartbeats that the bug infiltrates, allowing attackers to learn the private keys that should keep data securely encrypted as it moves over the Internet.

Follow us

Major companies started to update their software to patch the bug as soon as the issue surfaced, but the Heartbleed bug affected a huge amount of websites and the potential damage is still of great proportions. Considering how popular SSL encryption is, researchers believe the bug affected as much as two-thirds of the Web, including mobile devices.

Apple, on its part, said that its iOS platform was not vulnerable to Heartbleed-based attacks, but things are quite different with Android devices. According to Google, vulnerable versions of openSSL are present in nearly all versions of AOSP from 4.1 and up. All except one had heartbeats turned off, however, which means that the risk is not that great. Android 4.1.1 is the only version that had the heartbeat feature turned on, leaving only devices running this version vulnerable to Heartbleed-based attacks.

On the other hand, if OEMs have switched the heartbeat feature back on within their device's software, those devices would be vulnerable as well. Thanks to newly-released information, now you can check whether your device or any of the apps installed on it are vulnerable to a Heartbleed attack.

Security company Bluebox has launched a Heartbleed Scanner app on the Google Play store, which is designed to run a quick check and determine whether your device is vulnerable or not.

"If you are concerned about the vulnerability of your device and apps then please run our scanner and then contact the manufacturer of your device and/or the developer of your apps to see if the version of OpenSSL is vulnerable," Bluebox explains.

The Bluebox Heartbleed Scanner can look for apps installed on your phone and see if they've bundled their own version of openSSL. The app will also check the version of the library and see whether heartbeat was enabled. If the scan finds any apps that show vulnerabilities, you can report them on the Google Play store and send an email to the app's developers (you can find the email addresses in the Play store listing). It is advisable to stop using the app that is found as vulnerable, as it may compromise your data. To run a quick scan and see whether your Android device is at risk, head over to the Google Play store at this link and get the Bluebox Heartbleed Scanner. 



Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

Heartbleed, android, Bluebox Heartbleed Scanner, Internet security

Join Our Conversation

The HTC logo is seen with different devices from the brand HTC M10 Perfume Launching A Month Later After MWC 2016
Lava Unleashes New P7 Device Into The Indian Market
New Disney Phone Coming To Japan
Xiaomi Locks Redmi Note 3, Mi 4c And Mi Note Pro; Others To Follow Suit?
Tablet / Laptop / PC
Dell Venue 7 and Venue 8 Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Amazon Logo Amazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC Logo HTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google Downtime Google blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
ZTE's new lease program ZTE’s new Lease-to-own Program for Mobile Devices
LG’s G Pay to Take on Google, Samsung and Apple
Facebook: Taxes in the UK and a new Shopping tab
Samsung’s VR Headset to be Released at $99, Hulu Jumps Onboard with Apps Ready

Most Popular

© 2016 IBT Media Inc. All Rights Reserved.mobilenapps