Heartbleed Bug: How to Protect Android Devices
Security researchers recently announced the discovery of the Heartbleed bug, a serious vulnerability in the OpenSSL cryptographic software library.
This vulnerability allows attackers to steal information protected by the SSL/TLS (Secure Sockets Layers/Transport Layer Security) encryption used to secure the internet.
The newly discovered bug allows anyone on the internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This comprises the secret keys used to identify the service providers and to encrypt the traffic, names, users' passwords and the actual content.
The OpenSSL fix has been released. But mobile devices running Android could also get affected by the Heartbleed bug. There are a few apps which can help Android users.
Hearbleed Detector
Lookout, the well known mobile security company, has developed Heartbleed Detector, an app that tells users if they are running a vulnerable version of Android on their mobile devices.
How does it work?
The app determines what version of OpenSSL an Android device is using and then checks if the Heartbleed bug is enabled.
The Heartbleed Detector does not fix the vulnerability as this will need to be patched by Google or the device manufacturer. But the app informs the user about the status of the device.
Lookout claims to have not seen the Heartbleed vulnerability on mobile devices, but users can get updated on the vulnerability of their Android devices with the app.
Google has been releasing patches for different versions of Android to OEMs, reports Redmond Pie. The OTA update (or expected ones) should fix the software flaw in the OpenSSL Heartbeat function. Meanwhile, Android mobile users may check with the Heartbleed Detector app to know if their device has been affected.
Download link for Heartbleed Detector from Play Store.
Bluebox Heartbleed Scanner
Bluebox Labs has also released an app called Heartbleed Scanner which scans the Android device and finds out if it is running a vulnerable version of OpenSSL. Besides, the Bluebox Heartbleed Scanner scans all the applications on a device and comes up with the ones containing their own OpenSSL library.
Here is the Play Store link to download the Bluebox Heartbleed Scanner.
© Copyright IBTimes 2024. All rights reserved.
