,

Bluebox Heartbleed Scanner Checks Your Android Device For OpenSSL Vulnerabilities

The latest news that is causing quite a stir on the Internet lately is the discovery of the Heartbleed bug. This security vulnerability affects the OpenSSL software library and allows a hacker to steal information directly form an application. What’s even more astounding is that this vulnerability has been in existence for two years now which has a lot of people concerned.

heartbleed bug

Android users are not exempt from the Heartbleed bug as Google announced that devices running on Android 4.1.1 are vulnerable. If you own any device running on this platform then your best course of action is to find out if a software update is already available. Unfortunatley, software updates on Android devices do not come immediately unless you are using a Nexus device or a Google Play edition device. So what’s the next best thing to do in order to protect your data from being stolen?

You could get the Bluebox Heartbleed Scanner which is now available for free at the Google Play store. This app does not fix the Heartbleed bug however it can do the next best thing which is to scan your device for any app that uses a version of the OpenSSL that is vulnerable to the bug. According to Bluebox “Android devices ship with OpenSSL library by default. In addition, many apps will bundle their own copy of the library. The Bluebox Heartbleed Scanner from Bluebox Labs will check all of these copies and let you know if any appear to be vulnerable to the Heartbleed vulnerability.”

Bluebox also announced that “Bluebox has released a tool into the Google Play store called Heartbleed Scanner. The application will scan your device and recognize if your are running a vulnerable version of OpenSSL.  We currently only recognize the version reported back from OpenSSL to check for possible vulnerability.  Additionally we scan all of the applications on your device and present you with ones that contain their own openssl library — you should follow up with those app developers to confirm they are using a safe version of OpenSSL.”

The app does not need any permissions to run and is has only a 35kb file size. Once installed, you can let it scan your device and in a few seconds it will list down the apps that uses a version of the OpenSSL library (1.0.1 through 1.0.1f) and if heartbeats is enabled.  In my case I let it scan my smartphone and the only app that it found that was vulnerable was the Facebook app.

2014-04-12-04-57-56

Once the results are in it is up to you to either uninstall the affected app, not use it, or check and see if there is any new update that may have already plugged the vulnerability.

via google play