Bloomberg Anywhere Login

Bloomberg

Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.

Company

Financial Products

Enterprise Products

Media

Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000

Communications

Industry Products

Media Services

Follow Us

Bleeding

Heartbleed: Android Phones Still at Risk for Data Breach


The Internet security world mobilized to tackle the Heartbleed software bug. But although most of the holes have been patched, a big one remains: Millions of smartphones still operate on Android version 4.1.1, which remains vulnerable to hackers exploiting a design flaw in the bedrock encryption software OpenSSL. It’s a good time to check what your phone is running.

The bug and its repairs were announced on April 7. A week later, however, phones and tablets running on Android 4.1.1 remain at risk. More than a third of the 900 million mobile devices running Android use the 4.1 “Jellybean” version, which Google (GOOG) released in mid-2012. Version 4.2 replaced the 4.1 variations later that year.

The company says less than 10 percent of active Android devices are vulnerable to the Heartbleed flaw. That still means millions of people have a device that remains unprotected, as our colleagues at Bloomberg News report. “The device manufacturers and the carriers need to do something with the patch, and that’s usually a really long process,” Michael Shaulov, chief executive and co-founder of Lacoon Security, tells Bloomberg. To date, hackers have mostly focused their efforts on servers using OpenSSL protocols and not on individual devices. Such a labor-intensive effort would require targeting each phone or tablet separately to exploit the bug and potentially steal data.

Still, it’s best not to give them the option. BlackBerry (BBRY) plans to release Heartbleed security updates for two of its products: BBM messaging for Android and Apple’s (AAPL) IOS and its Secure Work Space corporate e-mail software.

Bachman is an associate editor for Businessweek.com.

LIMITED-TIME OFFER SUBSCRIBE NOW
 
blog comments powered by Disqus