Archives for

Heartbleed Bug

Android 4.1.1 Devices Vulnerable To Heartbleed Bug

The recent discovery of a security flaw affecting OpenSSL, a data encryption standard, could allow hackers to get our personal data from the services we use every day from sites that we think are secure. The Heartbleed bug is not a bug in an app that can simply be updated to fix it. It actually affects the servers that transmit secure information and has affected sites such as Facebook, Instagram, Google, Yahoo Mail, and more. Most of the popular websites have already issued patches to protect its users.

heartbleed bug

While most of the attention lies in computers, those who are using the Android operating system are also affected by the Heartbleed security bug. Smartphones and tablets running on Android 4.1.1 in particular are vulnerable to the bug.

Google announced on its online security blog that “All versions of Android are immune to CVE-2014-0160 (with the limited exception of Android 4.1.1; patching information for Android 4.1.1 is being distributed to Android partners). We will continue working closely with the security research and open source communities, as doing so is one of the best ways we know to keep our users safe.”

Google has not given any figures on exactly how many devices around the world are running on Android 4.1.1 however the company’s latest figure places the number of devices running on Android 4.1.X Jelly Bean at 34.4 percent. This places the estimate in the millions of units running on this version. Popular manufacturers such as Samsung, HTC, and Sony just to name a few have released devices running on this version of Android.

While most of the Internet properties worldwide have already issued a fix to the Heartbleed bug it is not easy to do on Android devices. Even if Google has already released a patch it will still take some time to arrive on the affected devices since it depends on the device manufacturer or the wireless carrier to push the update.

This has been one of the constant problems of the Android system as updates take a long time to arrive (except of course for Nexus devices).

Verizon Wireless made a statement regarding this issue stating that “Verizon is aware of the OpenSSL security vulnerability referred to as ‘Heartbleed,’ and we are working with our device manufacturers to test and deploy patches to any affected device on our network running Android 4.1.1. Other mobile operating systems we offer are not affected by this vulnerability and we have no reason to believe that the issue has resulted in any compromise of Verizon customer accounts, websites, or data.”

via googleonlinesecurity