Light Reading

Mobile Apps Susceptible to Heartbleed, Too

Sarah Thomas
4/14/2014

It's not just Internet infrastructure that's susceptible to Heartbleed, one of the most pervasive OpenSSL security threats in some time. Mobile apps may also be at risk, and several firms are offering warnings and patches to safeguard consumer phones.

The Heartbleed bug is a software flaw discovered last week in the OpenSSL "Heartbeats" function that helps keep secure Internet connections alive. The bug could potentially let cyber criminals steal endless amounts of personal data.

While concern was initially for vulnerable websites, researchers are now warning that the mobile operating systems from both Google (Nasdaq: GOOG) and Apple Inc. (Nasdaq: AAPL) could be at risk as well. As such, BlackBerry said on Monday that it would release security updates for its messaging software on Android and iOS devices by the end of the week.

BlackBerry devices themselves don't use the at-risk software, but the company tells Reuters it needs to update its Secure Work Space corporate email and BBM messaging programs that are in use on Android and iOS. The risk level may be relatively low, but the company says the bug could affect those who use the apps either on WiFi or over the cellular network.

Technically, any app that uses the OpenSSL code is susceptible to the Heartbleed bug. Mobile security provider Lookout has put out a Heartbleed Detector app that, when downloaded by a mobile phone user, can determine what version of OpenSSL the device is using and check to see if the vulnerable feature in Heartbeats is enabled. It can't do anything about it -- that's up to Google or the device maker -- but it does alert consumers to the potential for harm.

Since the bug was unearthed, there haven't been reports of widespread damage, but it could only be a matter of time. In the meantime, companies from operators to network equipment makers to software providers are working hard to develop patches and upgrades so consumers aren't affected. (See Cisco, Juniper Treating Gear Against Potential Heartbleed and Eurobites: Telenor Counters Heartbleed Threat.)

Lookout suggests that consumers should also change their passwords, but not until told to by their individual service providers. The vulnerability pulls data from the active memory of the affected systems, so until a service is patched, attackers might still have access to a new password as well.

— Sarah Reedy, Senior Editor, Light Reading

SarahReedy,
User Rank: Blogger
4/18/2014 | 3:27:03 PM
Lookout Data

Lookout has new data out from the 10,000 people who downloaded its app and agreed to share their results:

-- "Devices running Android 4.1.1 are predominantly the ones that are vulnerable, but there are also a handful running 4.2.2.

-- The Evo, HTC One S and HTC One X are the 3 most popular vulnerable smartphones

-- Regions of the world vary in their level of risk. 

Here you'll find a slideshare which includes full details and the next steps on what to do if your device is vulnerable."

SarahReedy,
User Rank: Blogger
4/17/2014 | 12:42:43 PM
Wireless okay
More updates today from AT&T, Sprint, Verizon and T-Mobile suggest they have not been affected and are taking the necessary precautions, so rest easy (but not TOO easy).
Mitch Wagner,
User Rank: Lightning
4/16/2014 | 4:33:56 PM
Re: More malware
I know, right?! EVERYBODY PANIC!!

According to that most reliable of sources, Some Guy On Reddit, iOS doesn't use OpenSSL and is therefore not susceptible, although apps might be susceptible.
SarahReedy,
User Rank: Blogger
4/15/2014 | 6:28:25 PM
Re: More malware
Of course, that makes sense, just like PR people latch on to events like this to pitch semi-related companies. I'd hope FireEye isn't making up viruses though...seems like new strands are found every day.
SarahReedy,
User Rank: Blogger
4/15/2014 | 6:27:15 PM
Re: More malware
Thanks for the heads up, Malcolm. I hope Apple issues that patch soon too.
SarahReedy,
User Rank: Blogger
4/15/2014 | 6:26:10 PM
Re: More malware
Yikes, I guess it's starting then.
Mitch Wagner,
User Rank: Lightning
4/15/2014 | 4:50:07 PM
Re: More malware
Attackers used Heartbleed to break into the Canada Revenue Agency.
Phil_Britt,
User Rank: Light Sabre
4/15/2014 | 2:48:01 PM
Re: More malware
To me the FireEye notification seems to be somewhat self-serving. McAfee also sent out notices, but also said that their software is not designed to protect against this type of vulnerability. It's good to get notices out, but I'm cautious any time the notice comes from someone seeking to sell a solution.
MalcolmTucker,
User Rank: Light Beer
4/15/2014 | 2:39:12 PM
Re: More malware
I was performing some research into this.  Apparently, the APPLE "Airport Utility" which comes as standard software with all Mac Computers, uses the OpenSSL library. 

This is in the acknowledgements and licensing agreement feature within the Airport Utility itself.

Because the code hasn't been verified to be vulnerable, it may be best to take the Airport Utility (Located in the "Utilities" folder) and place it into the trashcan.  Apple's culture is one of secrecy and to not disclose issues until a patch is released.

Because Apple and everybody was blindsided, it's probably best to place the Airport Utility into the trash.

Airport controls WiFi connections to Apple's own WiFi routers.  You should be able to connect to the internet, and configure your router if you use the Apple iPhone or iPad configuration app; then delete the app on your iPad until you need it again.
SarahReedy,
User Rank: Blogger
4/15/2014 | 12:59:07 PM
Re: More malware
Yeah, it seems like most of the patches will be out in time, but we really don't know. I haven't gotten any notifications from service providers about actions to take. I was going to just change all my passwords, but sounds like that's not the wisest move, according to Lookout.