If you’ve been following the news lately then you already know that the biggest concern right now regarding online security is the Heartbleed bug. This is a serious vulnerability that affects the open-source OpenSSL cryptography library that is widely used today. This security flaw allows cybercriminals to access protected information which they can use for monetary gains.
While the Heartbleed bug is commonly known to affect the server side by compromising the username and password of individuals it too can affect Android apps. These affected apps communicate with Heartbleed affected URLs which means that all communications to those URLs can possibly be compromised.
Trustlook, a company that deals with mobile security solutions, immediately studied the Heartbleed bug and published its scanning result that showed that there are apps currently available at the Google Play Store that are affected by the bug. In less than two days after the release of the results the company was able to release a security app called the HeartBleed Security Scanner which scans for any installed app on a device that may be affected by the bug.
The app is free to download and basically performs these functions
- Scan Heartbleed Risk for Phone and Tablet
- Detect Install application for Heartbleed Vulnerability
- Check external website has Heartbleed Risk
The company announced that “According to our scanning, we found 24 apps have accessed Heartbleed impacted URLs, which means all the data that app communicated with server are in danger of being compromised by hackers. We already marked those apps as “High Risk” in Trustlook Antivirus.”
What’s the best thing to do regarding this security issue? First of all don’t panic. While initial estimates place the number of servers worldwide affected by this bug at 60 percent the latest estimates place this at lower than 17.5 percent. This might still be a huge number of servers but its way lower than the initial estimate.
Since this is a security issue everyone who has an online account should be concerned about it. The solution to this is to simply change your passwords. While most of the major services such as Google and Yahoo have confirmed that they have already plugged the hole it is still best to change your passwords.
When dealing with passwords always make it as complicated as possible. Try to choose ne with at least 10 characters using upper and lower case characters in addition to numbers.
If you have a device running on at least Android 2.3 and are concerned about this security risk then it’s best to install this security app which can then be used to scan your device.