& cplSiteName &

Mobile Apps Susceptible to Heartbleed, Too

Sarah Thomas
4/14/2014
50%
50%

It's not just Internet infrastructure that's susceptible to Heartbleed, one of the most pervasive OpenSSL security threats in some time. Mobile apps may also be at risk, and several firms are offering warnings and patches to safeguard consumer phones.

The Heartbleed bug is a software flaw discovered last week in the OpenSSL "Heartbeats" function that helps keep secure Internet connections alive. The bug could potentially let cyber criminals steal endless amounts of personal data.

While concern was initially for vulnerable websites, researchers are now warning that both Google (Nasdaq: GOOG) and Apple Inc. (Nasdaq: AAPL)'s mobile operating systems could be at risk as well. As such, BlackBerry said on Monday that it would release security updates for its messaging software on Android and iOS devices by the end of the week.

BlackBerry devices themselves don't use the at-risk software, but the company tells Reuters it needs to update its Secure Work Space corporate email and BBM messaging program that are in use on Android and iOS. The risk level may be relatively low, but the company says it could infect those who use the apps either on WiFi or over the cellular network.

Technically, any app that uses the OpenSSL code is susceptible to the Heartbleed bug. Mobile security provider Lookout has put out a Heartbleed Detector app that, when downloaded by a mobile phone user, can determine what version of OpenSSL the device is using and check to see if the vulnerable feature in Hearbeats is enabled. It can't do anything about it -- that's up to Google or the device maker -- but it does alert consumers to the potential for harm.

Since the bug was unearthed, there haven't been reports of widespread damage, but it could only be a matter of time. In the meantime, companies from operators to network equipment makers to software providers are working hard to develop patches and upgrades so consumers aren't affected. (See Cisco, Juniper Treating Gear Against Potential Heartbleed and Eurobites: Telenor Counters Heartbleed Threat.)

Lookout suggests that consumers should also change their passwords, but not until told to by their individual service providers, as the vulnerability pulls data from the active memory of the affected systems, so any attackers might still have access to a new password as well.

— Sarah Reedy, Senior Editor, Light Reading

(14)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Page 1 / 2   >   >>
Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
4/18/2014 | 3:27:03 PM
Lookout Data

Lookout has new data out from the 10,000 people who downloaded its app and agreed to share their results:

-- "Devices running Android 4.1.1 are predominantly the ones that are vulnerable, but there are also a handful running 4.2.2

-- The Evo, HTC One S and HTC One X are the 3 most popular vulnerable smartphones

-- Regions of the world vary in their level of risk. 

Here you'll find a slideshare which includes full details and the next steps on what to do if your device is vulnerable."

Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
4/17/2014 | 12:42:43 PM
Wireless okay
More updates today from AT&T, SPrint, Verizon and T-Mobile suggest they have not been affected and are taking the necessary precautions, so rest easy (but not TOO easy). 
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/16/2014 | 4:33:56 PM
Re: More malware
I know, right?! EVERYBODY PANIC!!

According to that most reliable of sources, Some Guy On Reddit, iOS doesn't use OpenSSl and is therefore not susceptible, although apps might be susceptible. 
Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
4/15/2014 | 6:28:25 PM
Re: More malware
Of course, that makes sense, just like PR people latch on to events ilke this to pitch semi-related companies. I'd hope FireEye isn't making up viruses though...seems like new strands are found every day.
Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
4/15/2014 | 6:27:15 PM
Re: More malware
Thanks for the heads up, Malcom. I hope Apple issues that patch soon too.
Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
4/15/2014 | 6:26:10 PM
Re: More malware
Yikes, I guess it's starting then.
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/15/2014 | 4:50:07 PM
Re: More malware
Attackers used Heartbleed to break into the Canada Revenue Agency.
Phil_Britt
50%
50%
Phil_Britt,
User Rank: Light Sabre
4/15/2014 | 2:48:01 PM
Re: More malware
To me the FireEye notification seems to be somewhat self-serving. McAfee also sent out notices, but also said that their software is not designed to protect against this type of vulnerability. It's good to get notices out, but I'm cautious any time the notice comes from someone seeking to sell a solution.
MalcolmTucker
50%
50%
MalcolmTucker,
User Rank: Light Beer
4/15/2014 | 2:39:12 PM
Re: More malware
I was performing some research into this.  Apparently, the APPLE "Airport Utility" which comes as standard software with all Mac Computers, uses the OpenSSL library. 

This is in the acknowledgements and licensing agreement feature within the Airport Utility itself.

Because the code hasn't been verified to be vulnerable, it may be best to take the Airport Utility (Located in the "Utilities" folder) and place it into the trashcan.  Apple's culture is one of secrecy and to not disclose issues until a patch is released.

Because Apple and everybody was blindsighted, it's probably best to place the Airport Utility into the trash.

Airport controls WiFi connections to Apple's own WiFi routers.  You should be able to connect to the internet, and configure your router if you use the Apple iPhone or iPad configuration app; then delete the app on your ipad until you need it again.
Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
4/15/2014 | 12:59:07 PM
Re: More malware
Yeah, it seems like most of the patches will be out in time, but we really don't know. I haven't gotten any notifications from service providers about actions to take. I was going to just change all my passwords, but sounds like that's not the wisest move, according to Lookout.
Page 1 / 2   >   >>
From The Founder
The more things change, the more they stay the same for Juniper's next-gen comms solutions, and that's a good thing.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
LRTV Interviews
Rogers: Millennials Prefer Mobile Video

7|1|16   |     |   (0) comments


Rogers' Upinder Saini explains how millennial viewers favor mobile devices over big TVs and non-conventional TV content over broadcast and cable networks.
LRTV Custom TV
ZTE Pre5G & 5G Solutions

6|30|16   |   02:23   |   (0) comments


At 5G World London, ZTE demonstrated two types of equipment, including 128 antenna Pre5G Massive MIMO and 15GHz high-frequency base stations.
LRTV Custom TV
Energy 2020: Technology Innovation to Fuel Power Efficiency

6|30|16   |   07:21   |   (0) comments


Managing energy costs and consumption as cable operators deploy new services requires new levels of innovation from technology partners. In this video, Dave Fellows, co-founder and CTO of Layer3 TV and chief scientist of the SCTE/ISBE Energy 2020 program, discusses such ambitious objectives as achieving a second 500% increase in efficiency in outside plant ...
LRTV Custom TV
Transitioning to Service Agile Networks

6|30|16   |     |   (0) comments


Packet optical networks are transitioning from proprietary converged systems to open disaggregated platforms. This video will describe the Fujitsu 1FINITY disaggregated platform, explore how 1FINITY interoperates with the Fujitsu FLASHWAVE platform and explain how 1FINITY is designed for software control, like with Fujitsu Virtuora NC.
Women in Comms Introduction Videos
Nokia's Advancement Plan: Bring Old Skills to New Roles

6|29|16   |   7:57   |   (1) comment


Nokia's Sandy Motley advises women to change their mindsets; get aggressive about advancing their careers; develop strong, diverse support networks; and always bring forth learned skills to take on new challenges and different roles.
Between the CEOs
CEO Chat: Cisco's Yvette Kanouff

6|28|16   |     |   (0) comments


In Silicon Valley, Steve Saunders sits down with Cisco's Yvette Kanouff for an exclusive in-depth interview.
LRTV Interviews
Comcast: Prepping Next-Gen Video Services

6|28|16   |     |   (0) comments


In this LRTV interview, Comcast's Elad Nafshi outlines where MSO stands with cloud DVR, OTT video, college and gigabit services.
LRTV Custom TV
Energy 2020: Creating Unique Standards for Cable's Unique Networks

6|28|16   |   09:30   |   (0) comments


Cable's unique network requirements require a specific set of standards for operators to increase power efficiency, according to Dan Cooper, vice president of critical infrastructure for Charter Communications and chair of the SCTE/ISBE Standards Program's Energy Management Subcommittee, and Ian Oliver, managing director of the Trenchant Group and a member of the ...
LRTV Custom TV
Masergy: 'Now Is the Time for NFV'

6|28|16   |     |   (0) comments


Hear Ray Watson, VP of Global Technology at Masergy, talk about the advantages that enterprises can leverage using Network Function Virtualization (NFV), and how Masergy takes a unique approach to solving customers' problems. For more information on Masergy, please visit www.masergy.com.
LRTV Custom TV
Masergy Leads the Charge With NFV Capabilities

6|28|16   |     |   (0) comments


Hear Tim Naramore, CTO at Masergy, talk about how focusing on solving specific customer challenges, providing self-service automation tools and being laser focused on the customer experience has enabled Masergy to be a leader in the NFV space. For more information on Masergy, please visit www.masergy.com.
LRTV Custom TV
Private Company of the Year - Affirmed Networks

6|27|16   |     |   (0) comments


At BCE 2016, Steve Saunders speaks to Hassan Ahmed about Affirmed's success.
LRTV Custom TV
Energy 2020: Growing Services, Not Consumption

6|24|16   |   07:18   |   (0) comments


Management of power requirements needs to be a key consideration as cable operators deploy new services, says Dan Cooper, vice president of critical infrastructure for Charter Communications and chair of the SCTE/ISBE Standards Program's Energy Management Subcommittee. In this video, Cooper discusses the importance of cable operators and technology partners ...
Upcoming Live Events
September 13-14, 2016, The Curtis Hotel, Denver, CO
November 3, 2016, The Montcalm Marble Arch, London
November 30, 2016, The Westin Times Square, New York City
December 6-8, 2016,
May 16-17, 2017, Austin Convention Center, Austin, TX
All Upcoming Live Events
Infographics
A new survey conducted by Heavy Reading and TM Forum shows that CSPs around the world see the move to digital operations as a necessary part of their overall virtualization strategies.
Hot Topics
Brexit: It's Hard to See an Upside
Ray Le Maistre, Editor-in-chief, 6/29/2016
Qualcomm Readies Lower-Band 5G Testbed
Dan Jones, Mobile Editor, 6/27/2016
DT Eyes FTTH Solution to German Opex Issue
Iain Morris, News Editor, 6/29/2016
Sigfox Said to Face Customer Backlash
Iain Morris, News Editor, 6/27/2016
Disney Deals $3.5B for MLBAM Stake – Report
Mari Silbey, Senior Editor, Cable/Video, 7/1/2016
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
In Silicon Valley, Steve Saunders sits down with Cisco's Yvette Kanouff for an exclusive in-depth interview.
At the BCE 2016 show in Austin, ECI Telecom CEO Darryl Edwards tells Light Reading founder and CEO about the Elastic Network concept and the company's NFV and cybersecurity developments.
Animals with Phones
Live Digital Audio

Our world has evolved through innovation from the Industrial Revolution of the 1740s to the information age, and it is now entering the Fourth Industrial Revolution, driven by technology. Technology is driving a paradigm shift in the way digital solutions deliver a connected world, changing the way we live, communicate and provide solutions. It can have a powerful impact on how we tackle some of the world’s most pressing problems. In this radio show, Caroline Dowling, President of Communications Infrastructure & Enterprise Computing at Flex, will join Women in Comms Director Sarah Thomas to discuss the impact technology has on society and how it can be a game-changer across the globe; improving lives and creating a smarter world. Dowling, a Cork, Ireland, native and graduate of Harvard Business School's Advanced Management Program, will also discuss her experience managing an international team focused on innovation in an age of high-speed change.