TechAdvisory.org

Technology Advice for Small Businesses

The Bluebox Heartbleed scanner

With the advent of Heartbleed, Bluebox released the Bluebox Heartbleed Scanner, a tool that can help smartphone users see if they are vulnerable to the Heartbleed bug. Despite the fact that around two-thirds of the Web is vulnerable, nobody knows the full extent of the problems it has caused yet. The sooner you learn more about the Bluebox scanner, the better you can protect yourself against the threat that Heartbleed poses.

The whole Internet community was thrown into chaos as soon as word about Heartbleed leaked out. Major companies were quick to respond and released updates to counter Heartbleed. It is a threat that you need to be aware of.

How Heartbleed works

Heartbleed is a weakness in the OpenSSL software which allows any attacker to steal information directly from the memory space of an application. This information includes the private keys which keep data encrypted as it travels across the Internet.

This problem may seem insignificant to some, but it's important to note that the information that can be stolen may include login data for financial accounts such as PayPal and other money-transfer sites.

The extent of damage caused by Heartbleed

Given the popularity of OpenSSL, the extent of damage expected is high. In fact, it did not come as a surprise that this threat even reached mobile devices through installed mobile apps. This is because mobile apps have built-in encryption to allow users to log in safely.

Smartphones and the Heartbleed threat

Apple has claimed that iOS is safe and that Heartbleed cannot cause any problem for iOS devices. The same cannot be said, though, for all Android devices. Google has admitted that almost all versions of Android from 4.1 up contain vulnerable versions of OpenSSL. These devices are relatively safe, though, since all but Android 4.1.1 had the heartbeat feature turned off by default. However, the possibility of some OEMs switching the heartbeat feature back on in their phones is not remote, making the threat still very much real for all.

Bluebox and the Bluebox Heartbleed Scanner

In response to this threat, security software company Bluebox has developed an app that can scan your phone, available on the Google Play Store. When the major Android master key vulnerability was discovered in the past, it was also Bluebox that stepped in and released a similar tool to address the issue.

This latest scanner allows smartphone users to check whether their devices are safe. The Bluebox Heartbleed Scanner looks for apps installed on a device that carry their own OpenSSL versions. It then checks the version of each library and whether heartbeat is enabled.
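The kind of check described above can be sketched as follows. This is an added example, not Bluebox's code: it reads the OpenSSL version banner embedded in a bundled library and looks for heartbeat handler names. The affected range (1.0.1 through 1.0.1f) comes from the OpenSSL advisory rather than this page, and both the handler-name heuristic and the sample library contents are assumptions constructed for illustration.

```python
import re

# libssl/libcrypto embed a banner such as b"OpenSSL 1.0.1e 11 Feb 2013".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]*) ")
# Assumption (from the OpenSSL advisory, not this page): releases 1.0.1
# through 1.0.1f are affected; 1.0.1g carries the fix.
AFFECTED_BASE = "1.0.1"
AFFECTED_LETTERS = {"", "a", "b", "c", "d", "e", "f"}
# Heuristic assumption: these handler names are missing from builds compiled
# with OPENSSL_NO_HEARTBEATS, i.e. with the heartbeat feature switched off.
HEARTBEAT_MARKERS = (b"tls1_process_heartbeat", b"dtls1_process_heartbeat")


def classify(blob):
    """Return (version, verdict) for one library image, or None if no banner."""
    match = BANNER.search(blob)
    if match is None:
        return None
    base, letter = match.group(1).decode(), match.group(2).decode()
    version = base + letter
    if base != AFFECTED_BASE or letter not in AFFECTED_LETTERS:
        return version, "not affected"
    if any(marker in blob for marker in HEARTBEAT_MARKERS):
        return version, "vulnerable: heartbeat enabled"
    return version, "affected version, heartbeat disabled"


def scan(libraries):
    """Map each bundled library name to its classification, skipping non-OpenSSL files."""
    report = {}
    for name, blob in libraries.items():
        result = classify(blob)
        if result is not None:
            report[name] = result
    return report


# Constructed sample data standing in for native libraries unpacked from apps.
SAMPLE_LIBS = {
    "app_a/libssl.so": b"\x7fELF\x00OpenSSL 1.0.1e 11 Feb 2013\x00tls1_process_heartbeat\x00",
    "app_b/libssl.so": b"\x7fELF\x00OpenSSL 1.0.1c 10 May 2012\x00ssl3_read_bytes\x00",
    "app_c/libssl.so": b"\x7fELF\x00OpenSSL 1.0.1g 7 Apr 2014\x00tls1_process_heartbeat\x00",
    "app_d/libgame.so": b"\x7fELF\x00no tls code in here\x00",
}

if __name__ == "__main__":
    for lib, (version, verdict) in scan(SAMPLE_LIBS).items():
        print(f"{lib}: OpenSSL {version} -> {verdict}")
```

A "heartbeat disabled" verdict from this string check is weaker than a "not affected" one, since the library still needs updating if an OEM or developer rebuilds it with heartbeat enabled.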

The user’s part in addressing the problem

It is important to remember that once the scanner has detected apps that show vulnerability, the user needs to do two things. Firstly, you need to report this in the app's review section of the Google Play Store. This warns other users of an app's vulnerability. Secondly, you need to send an email to the developers. This notifies them and allows them to address this problem in their next update releases.

If you have any questions regarding the security of your devices, contact us today to see how we can help.