Millions of smartphones and tablets running Google Inc.’s Android operating system have the Heartbleed software bug. Google had earlier confirmed that all versions of Android are immune to the flaw. However, it did reveal that the “limited exception is one version dubbed 4.1.1, which was released in 2012”.
Thankfully, Google has already readied the patch, and it is expected to be released via OTA (Over The Air) updates soon. However, until the updates start flowing, everyone on Android Jelly Bean v4.1.1 is dangerously vulnerable to having their sensitive data tapped into and stolen, including photos, emails, SD card contents and other login information that may have been stored. As if the version’s susceptibility were not bad enough, software security agencies are cautioning that a high number of apps are also in the danger zone and can be easily exploited to tap into the phone’s data.
Interestingly, BBM (BlackBerry Messenger) for iOS and Android, from BlackBerry, the company that has always prided itself on offering the highest standards of security, is reported to be poorly fortified against Heartbleed and may be easily crippled. However, in a disturbing announcement, the Canadian firm has said that it will not issue a fix until Friday, but attempted to alleviate customers’ concerns by saying there was only an “extremely small” risk of hackers exploiting the bug to steal its customers’ data.
One specific version of Android being vulnerable may not seem alarming. By Google’s own admission, less than 10% of Android-based devices run version 4.1.1. However, there are over 1 billion devices in circulation. That means the Heartbleed vulnerability still exists in about 10 million devices, and that is really disquieting, reported BBC.
Google, in its nonchalant manner, also said that users of devices vulnerable to Heartbleed can and should protect themselves simply by upgrading the core operating system (OS). But hardware limitations, or smartphone makers’ inability to test and release updates for their devices, mean many devices are permanently stuck at the specific Android version they were released on. Chinese brands have been notorious for releasing such handsets that never receive OS updates.
Android users worried about apps can head to Trend Micro’s blog to check which apps are vulnerable to the Heartbleed bug. Interestingly, the number has been coming down strongly, indicating the vulnerability may soon be eradicated.