Heartbleed risk for Android devices: How to check if you’re affected
Alexandra BurlacuIf you own an Android device, your data may be vulnerable to the Heartbleed bug, and more information now details how you can check whether you're at risk.
The Heartbleed bug has thrown a grenade onto the Internet security community, posing a huge threat to companies and users alike. For those of you unfamiliar with the issue, Heartbleed is a vulnerability in the openSSL software library, allowing hackers to steal sensitive data directly from the memory space of an application. The SSL/TLS connection produces heartbeats that the bug infiltrates, allowing attackers to learn the private keys that should keep data securely encrypted as it moves over the Internet.
Major companies started to update their software to patch the bug as soon as the issue surfaced, but the Heartbleed bug affected a huge amount of websites and the potential damage is still of great proportions. Considering how popular SSL encryption is, researchers believe the bug affected as much as two-thirds of the Web, including mobile devices.
Apple, on its part, said that its iOS platform was not vulnerable to Heartbleed-based attacks, but things are quite different with Android devices. According to Google, vulnerable versions of openSSL are present in nearly all versions of AOSP from 4.1 and up. All except one had heartbeats turned off, however, which means that the risk is not that great. Android 4.1.1 is the only version that had the heartbeat feature turned on, leaving only devices running this version vulnerable to Heartbleed-based attacks.
On the other hand, if OEMs have switched the heartbeat feature back on within their device's software, those devices would be vulnerable as well. Thanks to newly-released information, now you can check whether your device or any of the apps installed on it are vulnerable to a Heartbleed attack.
Security company Bluebox has launched a Heartbleed Scanner app on the Google Play store, which is designed to run a quick check and determine whether your device is vulnerable or not.
"If you are concerned about the vulnerability of your device and apps then please run our scanner and then contact the manufacturer of your device and/or the developer of your apps to see if the version of OpenSSL is vulnerable," Bluebox explains.
The Bluebox Heartbleed Scanner can look for apps installed on your phone and see if they've bundled their own version of openSSL. The app will also check the version of the library and see whether heartbeat was enabled. If the scan finds any apps that show vulnerabilities, you can report them on the Google Play store and send an email to the app's developers (you can find the email addresses in the Play store listing). It is advisable to stop using the app that is found as vulnerable, as it may compromise your data. To run a quick scan and see whether your Android device is at risk, head over to the Google Play store at this link and get the Bluebox Heartbleed Scanner.
© Copyright 2020 Mobile & Apps, All rights reserved. Do not reproduce without permission.most read
related stories
more stories from Mobile
One UI 6.1.1 reportedly introduces exciting video AI features to Samsung devices. Explore the latest enhancements!
ernest hamiltonTencent is gearing up to launch the 'Dungeon and Fighter' mobile game in May, promising an exciting new gaming experience for fans of the franchise.
ernest hamiltonApple's latest software release confirms iPhone AI plans, unveiling eight small AI language models for on-device use, promising enhanced performance and privacy.
ernest hamiltonHMD introduces budget-friendly phones, all under $200, promising affordability without compromise.
ernest hamiltonExperience the latest Android 15 Beta 1.2! Pixel users, unlock additional bug fixes and enhancements now!
ernest hamiltonCheck out the latest from Glance! They're piloting their Android Lockscreen Platform in the US. Don't miss it!
ernest hamiltonExciting news! X plans to launch a Smart TV app for an immersive entertainment experience. Stay tuned!
ernest hamiltonT-Mobile unveils new 5G internet plans, promising enhanced home and travel connectivity for customers seeking high-speed internet on the go.
ernest hamilton