150M Android Apps Still Susceptible to Heartbleed
April 24, 2014 12:48 PM
comment(s) - last by
Researchers say that some of the 17 apps for Android claiming to search for Heartbleed are fake
Heartbleed has been an
interesting topic of discussion for the past few weeks
. Just last week, a
19-year-old Canadian was arrested
for allegedly hacking into the Canada Revenue Agency (CRA) portal by using Heartbleed.
Word has now surfaced that Heartbleed may be ready to cause a significant problem for Android users. Reports indicate that 150 million Android apps are vulnerable to Heartbleed. Security researchers say that while there are 17 Android apps that are able to scan for Heartbleed, at least six of that number use methods of scanning that are insufficient.
The findings came from
researchers Yulong Zhang, Hui Xue and Tao Wei. The researchers wrote, "For the Android platform, we find that roughly 150M downloads of Android apps contain OpenSSL libraries vulnerable to Heartbleed."
Some versions of Android aren’t vulnerable to Heartbleed, including Jelly Bean 4.1 and 4.1.1, since they don't use OpenSSL or use it in a way where the flawed features susceptible to Heartbleed are disabled by default.
Most of the apps that are vulnerable are games according to the researchers.
On the plus side, the number of apps vulnerable to Heartbleed has declined according to the researchers since April 10 when 220 million were estimated to be vulnerable.
This article is over a month old, voting and posting comments is disabled
Please, educate yourself!
4/24/2014 5:48:12 PM
The only version of android that is vulnerable is 4.1.1. AND, in order to be hacked by it, you have to have some sort of cross scripting attack done on the included android browser in another tab, which btw, is not included by default anymore after 4.0.3.
You can't have a cross attack in an app because there isn't anything there to take a peak, and all apps are sandboxed in their own accounts so each app can't talk to each other.
The people who need to worry are the major websites who used openssl on their web servers, and the users of them should change their passwords after they hopefully trashed their old certificates.
"You can bet that Sony built a long-term business plan about being successful in Japan and that business plan is crumbling." -- Peter Moore, 24 hours before his Microsoft resignation
Mounties Arrest 19-Year-Old Who Delayed Canada's Tax Filing w/ Heartbleed
April 17, 2014, 3:24 PM
EFF: NSA May Have Used IRC Botnets to Exploit Heartbleed for Last Two Years
April 14, 2014, 4:43 PM
Target Missed Early Warning Signs of Holiday Data Breach
March 13, 2014, 1:45 PM
Breaking Bad: How to Crash Google's Chrome Browser With Just 8 Characters
September 23, 2015, 11:08 AM
Quick Note: Amazon UK Offers £10 Back on Any Order £50 or Over
August 3, 2015, 12:05 PM
Editorial: Reddit Allows Itself to be Hijacked as a Hate Platform For Racist Bigots
July 21, 2015, 6:32 PM
Mozilla and Facebook to Adobe: It's Time to Kill Flash
July 20, 2015, 6:30 PM
Instagram Bans "Curvy" From Hashtag Searches, Provokes "Plus Sized" Outrage
July 16, 2015, 1:20 PM
Mozilla Promise Punctual Windows 10 Firefox Release, Teases at iOS Arrival
July 7, 2015, 3:08 PM
Most Popular Articles
Microsoft Band 2 Stays Focused on Fitness, Debuts Oct. 30, Priced at $249
October 6, 2015, 9:16 PM
Microsoft's HD-500 ("Display Dock"), the Magic Sauce Behind Continuum
October 6, 2015, 5:30 PM
Microsoft Lumia 950 and 950 XL Finally Launch, w/ Windows 10, Liquid Cooling
October 6, 2015, 3:35 PM
Legere Blasts Microsoft for "Bull***t" Snub of T-Mobile and Verizon
October 9, 2015, 3:02 PM
Apple's First Fixes to iOS 9 Land w/ iOS 9.0.1 Release
September 23, 2015, 6:11 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information