& cplSiteName &

Mobile Apps Susceptible to Heartbleed, Too

Sarah Thomas
4/14/2014
50%
50%

It's not just Internet infrastructure that's susceptible to Heartbleed, one of the most pervasive OpenSSL security threats in some time. Mobile apps may also be at risk, and several firms are offering warnings and patches to safeguard consumer phones.

The Heartbleed bug is a software flaw discovered last week in the OpenSSL "Heartbeats" function that helps keep secure Internet connections alive. The bug could potentially let cyber criminals steal endless amounts of personal data.

While concern was initially for vulnerable websites, researchers are now warning that both Google (Nasdaq: GOOG) and Apple Inc. (Nasdaq: AAPL)'s mobile operating systems could be at risk as well. As such, BlackBerry said on Monday that it would release security updates for its messaging software on Android and iOS devices by the end of the week.

BlackBerry devices themselves don't use the at-risk software, but the company tells Reuters it needs to update its Secure Work Space corporate email and BBM messaging program that are in use on Android and iOS. The risk level may be relatively low, but the company says it could infect those who use the apps either on WiFi or over the cellular network.

Technically, any app that uses the OpenSSL code is susceptible to the Heartbleed bug. Mobile security provider Lookout has put out a Heartbleed Detector app that, when downloaded by a mobile phone user, can determine what version of OpenSSL the device is using and check to see if the vulnerable feature in Hearbeats is enabled. It can't do anything about it -- that's up to Google or the device maker -- but it does alert consumers to the potential for harm.

Since the bug was unearthed, there haven't been reports of widespread damage, but it could only be a matter of time. In the meantime, companies from operators to network equipment makers to software providers are working hard to develop patches and upgrades so consumers aren't affected. (See Cisco, Juniper Treating Gear Against Potential Heartbleed and Eurobites: Telenor Counters Heartbleed Threat.)

Lookout suggests that consumers should also change their passwords, but not until told to by their individual service providers, as the vulnerability pulls data from the active memory of the affected systems, so any attackers might still have access to a new password as well.

— Sarah Reedy, Senior Editor, Light Reading

(14)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Page 1 / 2   >   >>
Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
4/18/2014 | 3:27:03 PM
Lookout Data

Lookout has new data out from the 10,000 people who downloaded its app and agreed to share their results:

-- "Devices running Android 4.1.1 are predominantly the ones that are vulnerable, but there are also a handful running 4.2.2

-- The Evo, HTC One S and HTC One X are the 3 most popular vulnerable smartphones

-- Regions of the world vary in their level of risk. 

Here you'll find a slideshare which includes full details and the next steps on what to do if your device is vulnerable."

Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
4/17/2014 | 12:42:43 PM
Wireless okay
More updates today from AT&T, SPrint, Verizon and T-Mobile suggest they have not been affected and are taking the necessary precautions, so rest easy (but not TOO easy). 
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/16/2014 | 4:33:56 PM
Re: More malware
I know, right?! EVERYBODY PANIC!!

According to that most reliable of sources, Some Guy On Reddit, iOS doesn't use OpenSSl and is therefore not susceptible, although apps might be susceptible. 
Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
4/15/2014 | 6:28:25 PM
Re: More malware
Of course, that makes sense, just like PR people latch on to events ilke this to pitch semi-related companies. I'd hope FireEye isn't making up viruses though...seems like new strands are found every day.
Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
4/15/2014 | 6:27:15 PM
Re: More malware
Thanks for the heads up, Malcom. I hope Apple issues that patch soon too.
Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
4/15/2014 | 6:26:10 PM
Re: More malware
Yikes, I guess it's starting then.
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/15/2014 | 4:50:07 PM
Re: More malware
Attackers used Heartbleed to break into the Canada Revenue Agency.
Phil_Britt
50%
50%
Phil_Britt,
User Rank: Light Sabre
4/15/2014 | 2:48:01 PM
Re: More malware
To me the FireEye notification seems to be somewhat self-serving. McAfee also sent out notices, but also said that their software is not designed to protect against this type of vulnerability. It's good to get notices out, but I'm cautious any time the notice comes from someone seeking to sell a solution.
MalcolmTucker
50%
50%
MalcolmTucker,
User Rank: Light Beer
4/15/2014 | 2:39:12 PM
Re: More malware
I was performing some research into this.  Apparently, the APPLE "Airport Utility" which comes as standard software with all Mac Computers, uses the OpenSSL library. 

This is in the acknowledgements and licensing agreement feature within the Airport Utility itself.

Because the code hasn't been verified to be vulnerable, it may be best to take the Airport Utility (Located in the "Utilities" folder) and place it into the trashcan.  Apple's culture is one of secrecy and to not disclose issues until a patch is released.

Because Apple and everybody was blindsighted, it's probably best to place the Airport Utility into the trash.

Airport controls WiFi connections to Apple's own WiFi routers.  You should be able to connect to the internet, and configure your router if you use the Apple iPhone or iPad configuration app; then delete the app on your ipad until you need it again.
Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
4/15/2014 | 12:59:07 PM
Re: More malware
Yeah, it seems like most of the patches will be out in time, but we really don't know. I haven't gotten any notifications from service providers about actions to take. I was going to just change all my passwords, but sounds like that's not the wisest move, according to Lookout.
Page 1 / 2   >   >>
From The Founder
Either we perform a complete 'factory reset' on the way the telecom industry creates and deploys virtualization, or we face the consequences.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
LRTV Custom TV
Infinera Introduces Instant Network

4|20|17   |     |   (1) comment


Mike Capuano, vice president of marketing at Infinera, discusses the advancement from Instant Bandwidth to new Instant Network capabilities, which include Bandwidth License Pools, Moveable Licenses and Automated Capacity Engineering (ACE).
Women in Comms Introduction Videos
Vodafone's Eubank on Sponsors, Mentors & Moving On Up

4|19|17   |   4:25   |   (0) comments


Vodafone America's Head of Operations Kimberly Eubank breaks down the difference between a sponsor and a mentor and shares why both made a big difference in her career.
LRTV Custom TV
NYC Auto Show: Are We Smart Yet?

4|18|17   |     |   (0) comments


The auto industry is facing some big transformations as electric vehicles, autonomous technology and connected cars are seen as the future of the industry. During the much-anticipated NY international auto show, there was an emergence of new technology and mobility service on the show floor. Aside from performance, brands like Lincoln, Hyundai, Honda, Mercedes and ...
LRTV Huawei Video Resource Center
The Impact of Video

4|18|17   |     |   (0) comments


David Mercer from Strategy Analytics discusses the impact of video on current strategies.
LRTV Custom TV
Pardeep Kohli Discusses Network Transformation & the Market Opportunity for the 'New' Mavenir Systems

4|13|17   |     |   (0) comments


In a brief discussion at MWC 2017, Heavy Reading analyst Adi Kishore talks to Pardeep Kohli, CEO, Mavenir Systems about the creation of the 'new Mavenir' and some of the key challenges facing operators in today's market. A key theme of the discussion centers around operator need for software-only, virtualized solutions and how they will need to adapt to ...
Women in Comms Introduction Videos
Tech Maverick Shares Her Tips for Gender Inclusivity

4|12|17   |   7:28   |   (0) comments


Wendy Hall Bohling, a corporate escapee, author and gender exclusivity consultant, tells her story of sexism, bias and progress along the road to gender equality in the workforce.
LRTV Huawei Video Resource Center
Huawei at MWC 2017

4|11|17   |     |   (0) comments


At Mobile World Congress 2017, the biggest mobile industry gathering of the year, Huawei showcased its new innovations and solutions with the theme "Open Road," which focuses on cloud, 5G, operation transformation, videos and consumer-oriented products. Its campaign has been recognized by three awards given by GSMA.
LRTV Custom TV
China Telecom NFV Infrastructure on RSD

4|6|17   |     |   (0) comments


Lynn Comp, senior director of market development of Intel, is joined by Chong Zhang, storage engineer at Inspur and Ou Li Yan, architect for technology strategies of China Telecom on what NFV brings.
LRTV Custom TV
Nokia's IMPACT Software Demo

4|6|17   |     |   (0) comments


Khamis Abulgubein of IoT market development at Nokia demonstrates IMPACT (intelligent management platform for all connected things), a software solution with a horizontal approach to managing any device on any application.
LRTV Custom TV
Nokia Introduces Virtual Service Router for More Rapid Service

4|6|17   |     |   (0) comments


James Cumming, product line manager for virtualized service routers at Nokia, demonstrates how the virtual router based off the Nokia ecosystem changes the network function experience.
LRTV Custom TV
The Keys to SD-WAN Success

4|6|17   |     |   (0) comments


Versa Networks CEO Kelly Ahuja talks about the key requirements for service provider-managed SD-WANs.
LRTV Custom TV
Intel & Cisco on Joint 5G Solutions

4|5|17   |     |   (0) comments


Dave Ward, SVP and CTO of Cisco, is joined by Sandra Rivera, corporate VP and general manager of network platforms group of Intel, on the revolutionary 5G technology that changes networking and computing fundamentally.
Upcoming Live Events
May 15-17, 2017, Austin Convention Center, Austin, TX
May 15, 2017, Brazos Hall - Austin, TX
May 15, 2017, Austin Convention Center - Austin, TX
June 6, 2017, The Joule Hotel, Dallas, TX
All Upcoming Live Events
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
Time for a Telecom Reboot
Steve Saunders, CEO and founder, Light Reading, 4/19/2017
Comcast Ready for Clash With Hulu
Mari Silbey, Senior Editor, Cable/Video, 4/18/2017
Unlicensed: It's What's Next for US Mobile Operators
Dan Jones, Mobile Editor, 4/19/2017
First Year TIPs the Scale Toward Success
Denise Culver, 4/24/2017
Verizon's Fiber Spend Won't End With Corning
Mari Silbey, Senior Editor, Cable/Video, 4/19/2017
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
One of the nice bits of my job (other than the teeny tiny salary, obviously) is that I get to pick and choose who I interview for this slot on the Light Reading home ...
TEOCO Founder and CEO Atul Jain talks to Light Reading Founder and CEO Steve Saunders about the challenges around cost control and service monetization in the mobile and IoT sectors.
Animals with Phones
Now That's an Ad Campaign Click Here
Meerkats to the rescue!
Live Digital Audio

Playing it safe can only get you so far. Sometimes the biggest bets have the biggest payouts, and that is true in your career as well. For this radio show, Caroline Chan, general manager of the 5G Infrastructure Division of the Network Platform Group at Intel, will share her own personal story of how she successfully took big bets to build a successful career, as well as offer advice on how you can do the same. We’ll cover everything from how to overcome fear and manage risk, how to be prepared for where technology is going in the future and how to structure your career in a way to ensure you keep progressing. Chan, a seasoned telecom veteran and effective risk taker herself, will also leave plenty of time to answer all your questions live on the air.