Click to Skip Ad
Closing in...
  1. Prime Day Deals
    11:01 Deals

    Check these early Prime Day deals with prices so low, it’s like Amazon made a mistak…

  2. Amazon Deals
    07:59 Deals

    10 deals you don’t want to miss on Sunday: Free $25 Amazon credit, $230 Windows 10 l…

  3. Mattress Topper Amazon
    14:44 Deals

    33,000 Amazon shoppers say this mattress topper deserves 5 stars – today it’s…

  4. Best Smart Home Devices 2021
    08:45 Deals

    10 smart home devices on Amazon you’ll wonder how you ever lived without

  5. Prime Day Deals
    07:58 Deals

    Amazon has 10 new early Prime Day deals you need to see to believe




Why Heartbleed could be much worse for Android users

April 16th, 2014 at 2:14 PM
Heartbleed Android 4.1.1 Jelly Bean

Even though Google does not have a Heartbleed problem, particularly since the company has known about the OpenSSL bug a month before everyone else, a large number of Android users may still be at risk, The Guardian reports. And that’s not because Google has not patched the security flaw, but rather because Heartbleed indirectly benefits from several factors.

For starters, Heartbleed only affects one version of Android and that’s the “old” Android 4.1.1. However, that also happens to be a very popular Android version running on Android phones, with as many as 50 million users running it on their current devices. The number comes from analytics firm Chitika, although Google is only saying that “less than 10%” of Android devices activated worldwide are actually at risk. According to Google’s recent Android distribution numbers, Jelly Bean runs on 34.4% of Android devices that communicate with the Google Play Store, but that number includes Jelly Bean versions from Android 4.1 to Android 4.3.

Affected devices are apparently “vulnerable to a hack described as ‘reverse Heartbleed’ — where a malicious server would be able to exploit the flaw in OpenSSL to grab data from the phone’s browser, which could include information about part sessions and logins,” according to The Guardian.

Even though Google has patched the OpenSSL issue and pushed a fix to OEMs and carriers, these two parties aren’t known for delivering fast Android updates of any kind. Therefore users will get the fix much later.

Security firm Lookout has developed an Android app that lets people check whether their Android device is vulnerable. The company tells The Guardian that more than 80% of people running Android 4.1.1 who have shared data with Lookout so far have been exposed to attacks.

The good news for Android 4.1.1 device owners is that it doesn’t look like hackers are trying to take advantage of the security issue at the moment. Furthermore, Lookout’s principal security researcher Marc Rogers told Bloomberg that a Heartbleed-based attack against Android would be a complex task.

“Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don’t expect to see any attacks against devices until after the server attacks have been completely exhausted,” he said.

Chris Smith started writing about gadgets as a hobby, and before he knew it he was sharing his views on tech stuff with readers around the world. Whenever he's not writing about gadgets he miserably fails to stay away from them, although he desperately tries. But that's not necessarily a bad thing.




Popular News