Shelbyville Daily Union

Community News Network

April 11, 2014

Millions of Android phones, tablets vulnerable to Heartbleed bug

SAN FRANCISCO — Millions of smartphones and tablets running Google's Android operating system have the Heartbleed software bug, in a sign of how broadly the flaw extends beyond the Web and into consumer devices.

While Google said in a blog post on April 9 that all versions of Android are immune to the flaw, it added that the "limited exception" was one version dubbed 4.1.1, which was released in 2012.

Security researchers said that version of Android is still in use in millions of smartphones and tablets, including in popular models made by Samsung, HTC and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software and the company has said more than 900 million Android devices have been activated worldwide.

The Heartbleed vulnerability was made public earlier this week and can expose people to hacking of their passwords and other sensitive information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said. Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.

"One of the major issues with Android is the update cycle is really long," said Michael Shaulov, chief executive officer and co-founder of Lacoon Security, a cyber-security company focused on advanced mobile threats. "The device manufacturers and the carriers need to do something with the patch, and that's usually a really long process."

Christopher Katsaros, a spokesman for Mountain View, Calif.-based Google, confirmed there are millions of Android 4.1.1 devices. He pointed to an earlier statement by the company, in which it said it has "assessed the SSL vulnerability and applied patches to key Google services."

It's unclear whether other mobile devices are vulnerable. Apple Inc. and Microsoft Corp. didn't respond to messages for comment.

The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites. The bug, which lets hackers silently extract data from computers' memory, and a fix for it were announced simultaneously on April 7.

The reach of the vulnerability continues to widen as Cisco Systems Inc. and Juniper Networks Inc. said yesterday that some of their networking-gear products are affected and will be patched. The Canadian government has ordered websites operated by the federal government that use the vulnerable version of OpenSSL to be taken offline until they can be fixed.

The vast majority of large companies protected their systems immediately and the push is now on to make smaller companies do the same, said Robert Hansen, a specialist in Web application security and vice president of the advanced technologies group of WhiteHat Security Inc.

Hackers have been detected scanning the Internet looking for vulnerable servers, especially in traffic coming from China, though it's difficult to know how many have been successful, said Jaime Blasco, director of AlienVault Labs, part of AlienVault. Many attempts have hit dead ends, Blasco said.

More than 80 percent of people running Android 4.1.1 who have shared data with mobile security firm Lookout Inc. are affected, said Marc Rogers, principal security researcher at the San Francisco-based company. Users in Germany are nearly five times as likely as those in the U.S. to be affected, probably because there is a device that uses that version of Android that is popular there, Rogers wrote in an email.

Still, there are no signs that hackers are trying to attack Android devices through the vulnerability as it would be complicated to set up and the success rate would be low, Rogers said. Individual devices are less attractive to go after because they need to be targeted one by one, he said.

 "Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don't expect to see any attacks against devices until after the server attacks have been completely exhausted," Rogers wrote in an email.

 

1
Text Only
Community News Network
  • The Simpsons still going strong

    The groundbreaking animation first hit the air Dec. 17, 1989, but the family first appeared on television in "The Tracey Ullman Show" short "Good Night" on April 19, 1987.

    August 21, 2014

  • Police chief resigns over racial slur repost to Facebook

    A repost on his personal Facebook page of a racially-charged comment by the original poster of a comedy video has forced the police chief of an Oklahoma city to resign his office.

    August 21, 2014

  • Does Twitter need a censor?

    Twitter decided last year to make images more prominent on its site. Now, the social network is finding itself caught between being an open forum and patrolling for inappropriate content.

    August 21, 2014

  • sleepchart.jpg America’s sleep-deprived cities

    Americans might run on sleep, but those living in the country's largest cities don't appear to run on much.

    August 20, 2014 1 Photo

  • Who should pay for your kids ACT?

    Thirteen states paid for 11th-grade students in all public high schools to take the ACT college admission test this year, with several more planning to join them in 2015.

    August 20, 2014

  • Pets.jpg Why do people look like their pets?

    As much as we might quibble over the virtues and vices of Canis domesticus, however, and over whether human nature is any better or worse than dog nature, even dog fanciers don't usually want to look like a dog.

    August 20, 2014 1 Photo

  • Ice bucket challenge trending up

    Internet trends are a dime a dozen these days. Everything from Tebowing to planking to the cinnamon challenge can cause a wave of social media activity that can last for weeks before fizzling out.

    August 19, 2014

  • Africa goes medieval in its fight against Ebola

    As the Ebola epidemic claims new victims at an ever-increasing rate, African governments in Sierra Leone, Guinea and Liberia have instituted a "cordon sanitaire," deploying troops to forcibly isolate the inhabitants in an area containing most of the cases.

    August 18, 2014

  • Democrat? Republican? There's an app for that

    If you're a Republican, you might want to think twice before buying Lipton Iced Tea, and forget about Starbucks coffee. If you're a Democrat, put down that Reese's Peanut Butter Cup, and throw away the cylinder of Quaker Oats in your pantry.

    August 18, 2014

  • Five myths about presidential vacations

    In the nuclear age, presidents may have only minutes to make a decision that could affect the entire world. They don't so much leave the White House as they take a miniature version of it with them wherever they go.

    August 15, 2014

Featured Ads
AP Video
Japan Landslide Rescuers Struggle in Heavy Rain Raw: Severe Floods, Fire Wrecks Indiana Homes Endangered Red Wolves Face Uncertain Future Raw: Russian Aid Convoy Arrives in Ukraine Hamm Talks Emmy Chances Okla. Policeman Accused of Sex Assaults on Duty Raw: Egypt Bus Crash Kills at Least 33 Two Bodies Found in Adjacent Yards Dominican Republic Bans Miley Cyrus Concert Raw: Israeli Air Strike in Gaza Raw: Rescue Efforts Suspended at Japan Landslide Raw: Bodies of MH17 Victims Arrive in Malaysia Raw: Smaller Marches in Ferguson Attorney: Utah Eatery Had Other Chemical Burn Farm Resurgence Grows With Younger Crowd Microbrewery Chooses Special Can for Its Beer Ky. Firefighters Hurt in Ice Bucket Challenge Federal Investigation Will Look at Use of Force Community Deals With Michael Brown Aftermath US: We Do Not Pay Ransom to Terrorists
Poll

Should the minimum wage for workers be raised in Illinois?

Yes
No
     View Results
Hyperlocal Search
Premier Guide
Find a business

Walking Fingers
Maps, Menus, Store hours, Coupons, and more...
Premier Guide
Helium debate
Helium