Is your device vulnerable to Heartbleed?
Are you concerned about Heartbleed? Security company Lookout has released a free app called “Heartbleed Detector” to help verify if your Android device is at risk.
First things first: what is Heartbleed?
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
Which versions of OpenSSL are affected?
Status of different versions:
- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g, released on 7th of April 2014, fixes the bug.
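To apply the status list above to a set of machines, here is a small checker, added as an example and not taken from Lookout or OpenSSL. It reads `openssl version` banners and returns the matching status; the host names, the sample banners and the `heartbeat_enabled` input (False for a build compiled with `OPENSSL_NO_HEARTBEATS`) are assumptions made for the example.

```python
import re

# Version token in an `openssl version` banner, e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013".
BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

def classify(banner, heartbeat_enabled=True):
    """Map a banner to the status list above.

    heartbeat_enabled is an assumed input: False means the library was built
    without the TLS heartbeat extension (OPENSSL_NO_HEARTBEATS).
    """
    m = BANNER.search(banner)
    if m is None:
        return "unknown: no OpenSSL version found"
    branch = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4)  # "" for the plain 1.0.1 release
    if branch in ((1, 0, 0), (0, 9, 8)):
        return "not vulnerable"
    if branch != (1, 0, 1):
        return "unknown: branch not in the list"
    if letter > "f":  # 1.0.1g and later letters carry the fix
        return "not vulnerable"
    if not heartbeat_enabled:
        return "vulnerable version, heartbeat disabled"
    return "vulnerable"

def audit(inventory):
    """inventory: iterable of (host, banner, heartbeat_enabled) tuples."""
    return {host: classify(banner, hb) for host, banner, hb in inventory}

# Constructed sample inventory (hosts and banners are made up for the example).
SAMPLE = [
    ("web-01", "OpenSSL 1.0.1e-fips 11 Feb 2013", True),
    ("web-02", "OpenSSL 1.0.1g 7 Apr 2014", True),
    ("mail-01", "OpenSSL 0.9.8y 5 Feb 2013", True),
    ("vpn-01", "OpenSSL 1.0.1c 10 May 2012", False),
]

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(f"{host:8} {verdict}")
```

Distributions often backport the fix without changing the upstream version string, so a "vulnerable" verdict from a banner alone should be confirmed against the package changelog.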
The bug does not affect most devices; however, Google admitted that devices running Android 4.1.1, otherwise known as Jelly Bean, can be at risk.
The Android app, Heartbleed Detector, scans your device and lets you know if it has been affected by the Heartbleed bug.
Heartbleed Detector will show green if your device is fine:
If your device has been affected by the Heartbleed bug, but it’s inactive, it will show you this screen:
And if your device isn’t OK, it will show you this screen:
Unfortunately, if your device has in fact been affected, there’s nothing much you can do about it other than wait for a fix to be released.