Andoid Found Vulnerable To Heartbleed Bug
|Tuesday, 15 April 2014|
Android Found Vulnerable To Heartbleed Bug
It seems every day since its April 7th public release date, more information is coming to light on the Open SSL "Heartbleed" vulnerability. "Heartbleed" is the name given to a flaw found in certain versions of the OpenSSL software. Lookout Security, a major provider of Android security software, said Android phones and devices running version 4.1.1 are open to attack. While this is an older versions of Android, a little more than 30% of all Android devices are still on version 4.1.1.
The Android exploit works by injecting malicious traffic into the web browser and pulling information from the memory of any other open browser tabs. This can include secure usernames and passwords for sites like e-mail and online banking. Fortunately the way Android is developed there is no way to pull information from outside the browser, but this still opens up tens of thousands of handsets to attack.
Lookout has developed a free Android application, Heartbleed Detector, which users can install on ther Android devices. The app will scan for vulnerabilities related to Heartbleed and let you know if your device is at risk. It is recommended that anybody with Android devices running version 4.1.1 use alternative means of logging into secure sites until updates are available that fix this bug.
The Heartbleed Detector in action
|Last Updated ( Tuesday, 15 April 2014 )|
|< Prev||Next >|