150M Android Apps Still Susceptible to Heartbleed
April 24, 2014 12:48 PM
comment(s) - last by
Researchers say that some of the 17 apps for Android claiming to search for Heartbleed are fake
Heartbleed has been an
interesting topic of discussion for the past few weeks
. Just last week, a
19-year-old Canadian was arrested
for allegedly hacking into the Canada Revenue Agency (CRA) portal by using Heartbleed.
Word has now surfaced that Heartbleed may be ready to cause a significant problem for Android users. Reports indicate that 150 million Android apps are vulnerable to Heartbleed. Security researchers say that while there are 17 Android apps that are able to scan for Heartbleed, at least six of that number use methods of scanning that are insufficient.
The findings came from
researchers Yulong Zhang, Hui Xue and Tao Wei. The researchers wrote, "For the Android platform, we find that roughly 150M downloads of Android apps contain OpenSSL libraries vulnerable to Heartbleed."
Some versions of Android aren’t vulnerable to Heartbleed, including Jelly Bean 4.1 and 4.1.1, since they don't use OpenSSL or use it in a way where the flawed features susceptible to Heartbleed are disabled by default.
Most of the apps that are vulnerable are games according to the researchers.
On the plus side, the number of apps vulnerable to Heartbleed has declined according to the researchers since April 10 when 220 million were estimated to be vulnerable.
This article is over a month old, voting and posting comments is disabled
4/28/2014 5:20:01 AM
Apps themselves can not be vulnerable. I am quite certain they would not contain statically linked openssl libraries, they would either load a OS-provided dynamic library or more likely just use some some wrapper APIs from the OS. In either case, the app itself is not at fault. Update the OS.
"We don't know how to make a $500 computer that's not a piece of junk." -- Apple CEO Steve Jobs
Mounties Arrest 19-Year-Old Who Delayed Canada's Tax Filing w/ Heartbleed
April 17, 2014, 3:24 PM
EFF: NSA May Have Used IRC Botnets to Exploit Heartbleed for Last Two Years
April 14, 2014, 4:43 PM
Target Missed Early Warning Signs of Holiday Data Breach
March 13, 2014, 1:45 PM
Apple Adds New Password Protection for Third Party iCloud Apps
September 17, 2014, 8:50 PM
Facebook Tests Moments App, Aims to Keep Your Private Memories Private
September 17, 2014, 5:46 PM
Russian Hackers Compile List of 10+ Million Stolen Gmail, Yandex, Mailru
September 11, 2014, 11:41 AM
House Minority Leader Pelosi Criticizes FCC's "Fast-Lane" Net Neutrality Plan
September 9, 2014, 4:15 PM
Smarter Than Siri? Cortana Adds Game NFL Game Winner Prediction
September 3, 2014, 4:12 PM
Apple Says Nude Celebrity Photo Dump Wasn’t Result of iCloud, Find My iPhone Breach
September 2, 2014, 3:26 PM
Most Popular Articles
Quick Note: Buy an Xbox One Sept 7-13, Get a Free Game
September 4, 2014, 10:42 AM
Apple Announces Its Smartwatch: The $349 Apple Watch
September 9, 2014, 2:09 PM
Dell Announces "World's Thinnest" Tablet: The Venue 8 7000 Series
September 11, 2014, 8:51 AM
Windows 9's Latest Metro Start Menu Leaks, German Site Accidentally Outs Leaker
September 11, 2014, 8:36 PM
T-Mobile Launches Un-carrier 7.0, Beefs Up Wi-Fi Calling
September 11, 2014, 2:56 PM
Latest Blog Posts
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information