Android, Blackberry Scramble to Create Patches For Heartbleed


The internet security community has been shaken by Heartbleed, the vulnerability in the OpenSSL software library announced earlier this month. It allows an attacker to steal information directly from the memory space of an application. It also taps into the heartbeats that an SSL/TLS connection generates. Any attacker can learn the private keys that are used to keep information securely encrypted as it travels all over the internet. The major companies were ready with an updated version that plugged the bug as soon as word got out. However, the number of websites affected by Heartbleed is huge: two-thirds of the web is said to be affected. SSL encryption is very popular, and mobile devices have built-in encryption as well, which allows you to log in safely. Mobile devices can also be affected. Apple stated that iOS is safe from Heartbleed-based attacks. This is not the case with all Android devices.

“Heartbleed doesn’t affect iOS because Apple does not use the OpenSSL library,” said Sanjay Patel, CEO of mobile app developer Perpetuating. “Android device manufacturers may have chosen to implement the OpenSSL library so it’s important to check the version of OpenSSL embedded into the Android OS. You can also check to see if ‘heartbeats’ are disabled if your device uses a vulnerable version of Android.”

Google has said that nearly all versions of AOSP from 4.1 and up contain a vulnerable version of OpenSSL. Heartbeats were turned off in all of them except one, so no one could attack those systems. Android 4.1.1 was the only one that had the heartbeat feature turned on, and those devices are vulnerable. Some OEMs may have turned the heartbeat feature back on in their phones’ software, which leaves them vulnerable as well. Here is a way to check whether your phone or any of the apps on it can be affected by a Heartbleed attack:

Security software company Bluebox quickly released a Heartbleed scanner, which is available on the Google Play Store. It will quickly check whether your device is safe or not. Bluebox also has a similar tool that can search the apps installed on your device. The tool looks for apps that have bundled their own version of OpenSSL and checks the version of the library for vulnerabilities.
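The kind of check such a scanner performs can be sketched as follows. This is an added example, not Bluebox's code: it assumes the bundled library still carries OpenSSL's version banner, and it takes the affected range (1.0.1 through 1.0.1f) from the OpenSSL advisory rather than from this article; `scan_apk` and `build_sample_apk` are hypothetical names and the sample APK is constructed.

```python
import io
import re
import zipfile

# Version banner that OpenSSL builds embed, e.g. b"OpenSSL 1.0.1e 11 Feb 2013".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)(?![0-9A-Za-z.])")
# Affected release line: 1.0.1 with no letter or a letter a..f (1.0.1g is fixed).
# Range is from the OpenSSL advisory, not the article; 1.0.2 betas not handled.
AFFECTED = re.compile(r"1\.0\.1[a-f]?")


def scan_apk(apk):
    """Return sorted [(member, version, affected)] for native libs in an APK.

    `apk` is a path or a binary file object. APKs are zip archives and
    keep native code under lib/<abi>/*.so, so only those members are read.
    """
    findings = set()
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            for m in BANNER.finditer(zf.read(name)):
                version = m.group(1).decode("ascii")
                findings.add((name, version, bool(AFFECTED.fullmatch(version))))
    return sorted(findings)


def build_sample_apk():
    """Constructed sample: fake .so members that hold only a version banner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/armeabi-v7a/libssl.so", b"\x7fELF\x00OpenSSL 1.0.1e 11 Feb 2013\x00")
        zf.writestr("lib/x86/libcrypto.so", b"\x7fELF\x00OpenSSL 1.0.1g 7 Apr 2014\x00")
        zf.writestr("lib/x86/libother.so", b"\x7fELF\x00no tls here\x00")
        zf.writestr("assets/readme.txt", b"OpenSSL 1.0.1c mentioned in docs only")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, version, affected in scan_apk(build_sample_apk()):
        status = "AFFECTED RANGE" if affected else "ok"
        print(f"{member}: OpenSSL {version} [{status}]")
```

A hit means the app ships a library from the affected release line; a build with heartbeats disabled, as described above for most Android versions, is not exposed, and a version string alone cannot show that.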

If you find any apps that show a vulnerability, it is important that you report it on the Play Store. All you have to do is go to the app’s review section and send an email to the developers. The emails are supplied in the Play Store listing. You can continue using an app that has shown a vulnerability, but your information may not be all that secure.

Even though the risk is principally theoretical, it has focused attention on the security risk to Android devices. These devices are running older versions of software that has been abandoned by the handset manufacturers and mobile operators who have to process and pass on updates. These manufacturers typically supply updates for Android devices for 18 months after their release. Android devices are vulnerable to this form of attack of smartphones in use. Apple does not use the vulnerable version of OpenSSL on the iPad or iPhone. Microsoft said that neither Windows Phone nor Windows is affected. The security firm Lookout, which provides Android security software, created a downloadable Android app that lets people check whether their device is vulnerable as well.

Experts are also warning customers to be wary of emails appearing to be from popular sites, as phishing scams asking users to reset passwords are expected to rise. DMARC email security company Agari recently warned, “Even when you see an email you believe to be legitimate, do not click on links within the email to reset your password. Instead, go directly to the site or service in question.” If you are still worried about which sites have been affected and which are okay, please visit Mashable’s Heartbleed Hit List or the Heartbleed information site.

This article was syndicated from Business 2 Community: Android, Blackberry Scramble to Create Patches For Heartbleed
