Pharos-Tribune

Community News Network

April 11, 2014

Millions of Android phones, tablets vulnerable to Heartbleed bug

SAN FRANCISCO — Millions of smartphones and tablets running Google's Android operating system have the Heartbleed software bug, in a sign of how broadly the flaw extends beyond the Web and into consumer devices.

While Google said in a blog post on April 9 that all versions of Android are immune to the flaw, it added that the "limited exception" was one version dubbed 4.1.1, which was released in 2012.

Security researchers said that version of Android is still in use in millions of smartphones and tablets, including in popular models made by Samsung, HTC and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software and the company has said more than 900 million Android devices have been activated worldwide.

The Heartbleed vulnerability was made public earlier this week and can expose people to hacking of their passwords and other sensitive information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said. Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.

"One of the major issues with Android is the update cycle is really long," said Michael Shaulov, chief executive officer and co-founder of Lacoon Security, a cyber-security company focused on advanced mobile threats. "The device manufacturers and the carriers need to do something with the patch, and that's usually a really long process."

Christopher Katsaros, a spokesman for Mountain View, Calif.-based Google, confirmed there are millions of Android 4.1.1 devices. He pointed to an earlier statement by the company, in which it said it has "assessed the SSL vulnerability and applied patches to key Google services."

It's unclear whether other mobile devices are vulnerable. Apple Inc. and Microsoft Corp. didn't respond to messages for comment.

The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites. The bug, which lets hackers silently extract data from computers' memory, and a fix for it were announced simultaneously on April 7.

The reach of the vulnerability continues to widen as Cisco Systems Inc. and Juniper Networks Inc. said yesterday that some of their networking-gear products are affected and will be patched. The Canadian government has ordered websites operated by the federal government that use the vulnerable version of OpenSSL to be taken offline until they can be fixed.

The vast majority of large companies protected their systems immediately and the push is now on to make smaller companies do the same, said Robert Hansen, a specialist in Web application security and vice president of the advanced technologies group of WhiteHat Security Inc.

Hackers have been detected scanning the Internet looking for vulnerable servers, especially in traffic coming from China, though it's difficult to know how many have been successful, said Jaime Blasco, director of AlienVault Labs, part of AlienVault. Many attempts have hit dead ends, Blasco said.

More than 80 percent of people running Android 4.1.1 who have shared data with mobile security firm Lookout Inc. are affected, said Marc Rogers, principal security researcher at the San Francisco-based company. Users in Germany are nearly five times as likely as those in the U.S. to be affected, probably because there is a device that uses that version of Android that is popular there, Rogers wrote in an email.

Still, there are no signs that hackers are trying to attack Android devices through the vulnerability as it would be complicated to set up and the success rate would be low, Rogers said. Individual devices are less attractive to go after because they need to be targeted one by one, he said.

 "Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don't expect to see any attacks against devices until after the server attacks have been completely exhausted," Rogers wrote in an email.

 

1
Text Only | Photo Reprints
Community News Network
  • Why a see-through mouse is a big deal for scientists

    A group of Caltech researchers announced in Cell Thursday their success in making an entire organism transparent. Unfortunately, this isn't any kind of "Invisible Man" scenario: The organism in question is a mouse, and the mouse in question is quite dead.

    July 31, 2014

  • Screen Shot 2014-07-31 at 2.12.55 PM.png VIDEO: Five-year-old doesn't want her brother to grow up

    Sadie, an adorable 5-year-old from Phoenix, wants her brother to stay young forever, so much so that her emotional reaction to the thought of him getting older has drawn more than 10 million views on YouTube.

    July 31, 2014 1 Photo

  • lockport-police.jpg Police department turns to Facebook for guidance on use of 'negro'

    What seems to be a data entry mistake by a small town police department in western New York has turned into a social media firestorm centered around the word "negro" and whether it's acceptable to use in modern society.

    July 31, 2014 3 Photos

  • The virtues of lying

    Two computational scientists set out recently to simulate the effects of lying in a virtual human population. Their results, published in the Proceedings of the Royal Society B, show that lying is essential for the growth of a cohesive social network.

    July 31, 2014

  • Sunburn isn't the only sign of summer that can leave you itchy and blistered

    You've got a rash. You quickly rule out the usual suspects: You haven't been gardening or hiking or even picnicking, so it's probably not a plant irritant such as poison ivy or wild parsnip; likewise, it's probably not chiggers or ticks carrying Lyme disease; and you haven't been swimming in a pond, which can harbor the parasite that causes swimmer's itch.

    July 30, 2014

  • Survey results in legislation to battle sexual assault on campus

    Missouri U.S. Sen. Claire McCaskill joined a bipartisan group of senators Wednesday to announce legislation that aims to reduce the number of sexual assaults on college campuses.

    July 30, 2014

  • An alarming threat to airlines that no one's talking about

    It's been an abysmal year for the flying public. Planes have crashed in bad weather, disappeared over the Indian Ocean and tragically crossed paths with anti-aircraft missiles over Ukraine.

    July 30, 2014

  • Sharknado.jpg Sharknado 2 set to attack viewers tonight

    In the face of another "Sharknado" TV movie (the even-more-inane "Sharknado 2: The Second One," premiering Wednesday night on Syfy), there isn't much for a critic to say except to echo what the characters themselves so frequently scream when confronted by a great white shark spinning toward them in a funnel cloud:
    "LOOK OUT!!"

    July 30, 2014 1 Photo

  • 20140729-AMX-GIVHAN292.jpg Spanx stretches into new territory with jeans, but promised magic is elusive

    The Spanx empire of stomach-flattening, thigh-slimming, jiggle-reducing foundation garments has expanded to include what the brand promises is the mother of all body-shaping miracles: Spanx jeans.

    July 29, 2014 1 Photo

  • Medical marijuana opponents' most powerful argument is at odds with a mountain of research

    Opponents of marijuana legalization are rapidly losing the battle for hearts and minds. Simply put, the public understands that however you measure the consequences of marijuana use, the drug is significantly less harmful to users and society than tobacco or alcohol.

    July 29, 2014

Hyperlocal Search
Premier Guide
Find a business

Walking Fingers
Maps, Menus, Store hours, Coupons, and more...
Premier Guide
Poll

Should the U.S. impose a travel ban on three West African nations in response to a growing Ebola virus outbreak?

Yes
No
Not sure
     View Results
Featured Ads
AP Video
Netanyahu Vows to Destroy Hamas Tunnels Obama Slams Republicans Over Lawsuit House Leaders Trade Blame for Inaction Malaysian PM: Stop Fighting in Ukraine Cantor Warns of Instability, Terror in Farewell Ravens' Ray Rice: 'I Made a Huge Mistake' Florida Panther Rebound Upsets Ranchers Small Plane Crash in San Diego Parking Lot Busy Franco's Not Afraid of Overexposure Fighting Blocks Access to Ukraine Crash Site Dangerous Bacteria Kills One in Florida Workers Dig for Survivors After India Landslide Texas Scientists Study Ebola Virus Smartphone Powered Paper Plane Debuts at Airshow Southern Accent Reduction Class Cancelled in TN
Parade
Magazine

Click HERE to read all your Parade favorites including Hollywood Wire, Celebrity interviews and photo galleries, Food recipes and cooking tips, Games and lots more.