Almost two-thirds of the Web is vulnerable to Heartbleed-based attacks, even though major companies have tried to address the problem by releasing updates. Given the magnitude and severity of the problems it can cause you and your business, you cannot afford to ignore this threat, especially if you use Android devices.
The whole Internet community was thrown into chaos as soon as word about Heartbleed leaked out. Major companies were quick to respond and released updates to counter Heartbleed. It is a threat that you need to be aware of.
How Heartbleed works
Heartbleed is a weakness in the OpenSSL software that allows an attacker to steal information directly from the memory space of an application. This information includes the private keys that keep data encrypted as it travels across the Internet.
This problem may seem insignificant to some, but it's important to note that the information that can be stolen may include login data and details of online financial accounts such as PayPal and other money-transfer sites.
The extent of damage caused by Heartbleed
Given the popularity of OpenSSL, the extent of the expected damage is high. In fact, it did not come as a surprise that this threat even reached mobile devices through installed mobile apps. This is because mobile apps have built-in encryption to allow users to log in safely.
Smartphones and the Heartbleed threat
Apple has claimed that iOS is safe and that Heartbleed cannot cause any problems on iOS devices. The same cannot be said for all Android devices, though. Google has admitted that almost all versions of Android from 4.1 up contain vulnerable versions of OpenSSL. These devices are relatively safe, however, since all but Android 4.1.1 had the heartbeat feature turned off by default. Still, the possibility of some OEMs switching the heartbeat feature back on in their phones is not remote, which keeps the threat very much real for all.
Bluebox and the Bluebox Heartbleed Scanner
In response to this threat, security software company Bluebox has developed an app, available on the Google Play Store, that can scan your phone. When the major Android master key vulnerability was discovered in the past, it was also Bluebox that stepped in and released a similar tool to address the issue.
This latest scanner allows smartphone users to check their devices to see whether they are safe or not. The Bluebox Heartbleed Scanner looks for apps installed within a device that carry their own OpenSSL versions. In turn, it checks the versions of the library to see if heartbeat is enabled.
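An added example, not Bluebox's code or part of the original article: the same kind of check run offline against an APK file, listing bundled native libraries that carry an OpenSSL version banner and flagging the 1.0.1 through 1.0.1f releases that Heartbleed affects. The heartbeat symbol-name test is an assumed heuristic, and the sample APK is constructed for the demonstration.

```python
import io
import re
import zipfile

# Version banner OpenSSL embeds in its binaries, e.g. b"OpenSSL 1.0.1e 11 Feb 2013".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]*) ")
# Heartbleed affects the 1.0.1 release line up to 1.0.1f; 1.0.1g carries the fix.
VULNERABLE_LETTERS = {"", "a", "b", "c", "d", "e", "f"}
# Assumption: a heartbeat function name left in the binary hints that the
# extension was compiled in. Stripped or static builds may not show it.
HEARTBEAT_HINT = re.compile(rb"tls1_heartbeat|dtls1_heartbeat")


def scan_apk(apk):
    """Return one finding per OpenSSL banner found in the APK's native libraries."""
    findings = []
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue  # only bundled native code can carry its own OpenSSL
            data = zf.read(name)
            for base, letter in sorted(set(BANNER.findall(data))):
                findings.append({
                    "library": name,
                    "version": (base + letter).decode(),
                    "vulnerable_version": base == b"1.0.1"
                    and letter.decode() in VULNERABLE_LETTERS,
                    "heartbeat_hint": bool(HEARTBEAT_HINT.search(data)),
                })
    return findings


def build_sample_apk():
    """Constructed sample: an in-memory APK with two stand-in native libraries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/armeabi/libold.so",
                    b"\x7fELF..OpenSSL 1.0.1e 11 Feb 2013\x00tls1_heartbeat\x00")
        zf.writestr("lib/armeabi/libnew.so",
                    b"\x7fELF..OpenSSL 1.0.1g 7 Apr 2014\x00")
        zf.writestr("classes.dex", b"dex\n035\x00")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for finding in scan_apk(build_sample_apk()):
        print(finding)
```

A library is worth reporting to its developer when both `vulnerable_version` and `heartbeat_hint` are true; a vulnerable version without the hint still deserves an update request.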
The user’s part in addressing the problem
It is important to remember that once the scanner has detected vulnerable apps, you need to do two things. Firstly, you need to report this in the app's review section on the Google Play Store. This warns other users of the app's vulnerability. Secondly, you need to send an email to the developers. This notifies them and allows them to address the problem in their next update release.
If you have any questions regarding the security of your devices, contact us today to see how we can help.