Light Reading
BlackBerry preps security updates for Android and iOS devices as Lookout warns consumers their mobile apps could be vulnerable.

Mobile Apps Susceptible to Heartbleed, Too

Sarah Reedy
4/14/2014
50%
50%

It's not just Internet infrastructure that's susceptible to Heartbleed, one of the most pervasive OpenSSL security threats in some time. Mobile apps may also be at risk, and several firms are offering warnings and patches to safeguard consumer phones.

The Heartbleed bug is a software flaw discovered last week in the OpenSSL "Heartbeats" function that helps keep secure Internet connections alive. The bug could potentially let cyber criminals steal endless amounts of personal data.

While concern was initially for vulnerable websites, researchers are now warning that both Google (Nasdaq: GOOG) and Apple Inc. (Nasdaq: AAPL)'s mobile operating systems could be at risk as well. As such, BlackBerry said on Monday that it would release security updates for its messaging software on Android and iOS devices by the end of the week.

BlackBerry devices themselves don't use the at-risk software, but the company tells Reuters it needs to update its Secure Work Space corporate email and BBM messaging program that are in use on Android and iOS. The risk level may be relatively low, but the company says it could infect those who use the apps either on WiFi or over the cellular network.

Technically, any app that uses the OpenSSL code is susceptible to the Heartbleed bug. Mobile security provider Lookout has put out a Heartbleed Detector app that, when downloaded by a mobile phone user, can determine what version of OpenSSL the device is using and check to see if the vulnerable feature in Hearbeats is enabled. It can't do anything about it -- that's up to Google or the device maker -- but it does alert consumers to the potential for harm.

Since the bug was unearthed, there haven't been reports of widespread damage, but it could only be a matter of time. In the meantime, companies from operators to network equipment makers to software providers are working hard to develop patches and upgrades so consumers aren't affected. (See Cisco, Juniper Treating Gear Against Potential Heartbleed and Eurobites: Telenor Counters Heartbleed Threat.)

Lookout suggests that consumers should also change their passwords, but not until told to by their individual service providers, as the vulnerability pulls data from the active memory of the affected systems, so any attackers might still have access to a new password as well.

— Sarah Reedy, Senior Editor, Light Reading

(14)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
SarahReedy
50%
50%
SarahReedy,
User Rank: Blogger
4/18/2014 | 3:27:03 PM
Lookout Data

Lookout has new data out from the 10,000 people who downloaded its app and agreed to share their results:

-- "Devices running Android 4.1.1 are predominantly the ones that are vulnerable, but there are also a handful running 4.2.2

-- The Evo, HTC One S and HTC One X are the 3 most popular vulnerable smartphones

-- Regions of the world vary in their level of risk. 

Here you'll find a slideshare which includes full details and the next steps on what to do if your device is vulnerable."

SarahReedy
50%
50%
SarahReedy,
User Rank: Blogger
4/17/2014 | 12:42:43 PM
Wireless okay
More updates today from AT&T, SPrint, Verizon and T-Mobile suggest they have not been affected and are taking the necessary precautions, so rest easy (but not TOO easy). 
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/16/2014 | 4:33:56 PM
Re: More malware
I know, right?! EVERYBODY PANIC!!

According to that most reliable of sources, Some Guy On Reddit, iOS doesn't use OpenSSl and is therefore not susceptible, although apps might be susceptible. 
SarahReedy
50%
50%
SarahReedy,
User Rank: Blogger
4/15/2014 | 6:28:25 PM
Re: More malware
Of course, that makes sense, just like PR people latch on to events ilke this to pitch semi-related companies. I'd hope FireEye isn't making up viruses though...seems like new strands are found every day.
SarahReedy
50%
50%
SarahReedy,
User Rank: Blogger
4/15/2014 | 6:27:15 PM
Re: More malware
Thanks for the heads up, Malcom. I hope Apple issues that patch soon too.
SarahReedy
50%
50%
SarahReedy,
User Rank: Blogger
4/15/2014 | 6:26:10 PM
Re: More malware
Yikes, I guess it's starting then.
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/15/2014 | 4:50:07 PM
Re: More malware
Attackers used Heartbleed to break into the Canada Revenue Agency.
Phil_Britt
50%
50%
Phil_Britt,
User Rank: Light Sabre
4/15/2014 | 2:48:01 PM
Re: More malware
To me the FireEye notification seems to be somewhat self-serving. McAfee also sent out notices, but also said that their software is not designed to protect against this type of vulnerability. It's good to get notices out, but I'm cautious any time the notice comes from someone seeking to sell a solution.
MalcolmTucker
50%
50%
MalcolmTucker,
User Rank: Light Beer
4/15/2014 | 2:39:12 PM
Re: More malware
I was performing some research into this.  Apparently, the APPLE "Airport Utility" which comes as standard software with all Mac Computers, uses the OpenSSL library. 

This is in the acknowledgements and licensing agreement feature within the Airport Utility itself.

Because the code hasn't been verified to be vulnerable, it may be best to take the Airport Utility (Located in the "Utilities" folder) and place it into the trashcan.  Apple's culture is one of secrecy and to not disclose issues until a patch is released.

Because Apple and everybody was blindsighted, it's probably best to place the Airport Utility into the trash.

Airport controls WiFi connections to Apple's own WiFi routers.  You should be able to connect to the internet, and configure your router if you use the Apple iPhone or iPad configuration app; then delete the app on your ipad until you need it again.
SarahReedy
50%
50%
SarahReedy,
User Rank: Blogger
4/15/2014 | 12:59:07 PM
Re: More malware
Yeah, it seems like most of the patches will be out in time, but we really don't know. I haven't gotten any notifications from service providers about actions to take. I was going to just change all my passwords, but sounds like that's not the wisest move, according to Lookout.
Page 1 / 2   >   >>
Flash Poll
From The Founder
It's clear to me that the communications industry is divided into two types of people, and only one is living in the real world.
LRTV Interviews
CenturyLink: Building the Case for NFV

12|19|14   |   02:14   |   (0) comments


At the 2020 Vision Executive Summit, James Feger, VP, Network Strategy & Development at CenturyLink, talks about how the US operator is approaching virtual network functions from an operational and business case perspective.
LRTV Interviews
Liberty Global Sees Business Goldmine

12|18|14   |     |   (0) comments


Steen Sorensen, VP of business services for Liberty Global, explains where the giant international MSO sees growth potential.
LRTV Documentaries
EE: The Road to 5G

12|16|14   |   16:02   |   (1) comment


Andy Sutton, the principal network architect at UK mobile operator EE, explains how his company is using Wembley stadium as a wireless test bed and how that's helping EE to plan the evolution to 5G.
LRTV Huawei Video Resource Center
Highlights of Huawei's NFV Open Cloud Forum 2014

12|16|14   |     |   (0) comments


Huawei hosted its inaugural NFV Open Cloud Forum during the SDN & OpenFlow World Congress 2014 in Düsseldorf, Germany. The Forum brought together technology thought leaders, senior executives and telecom professionals from global carriers, industry associations, as well as other partner companies in the ecosystem, to exchange views on and collectively explore how ...
LRTV Custom TV
Realizing Operators' Digital Vision

12|16|14   |   5:23   |   (0) comments


Leveraging technology is fundamental to digital transformation but understanding customers and serving them really well is at the heart of digital businesses. TM Forum lists the following as the strategic pillars of the digital business: business agility and rapid innovation, operational agility and effectiveness, IT and data centricity, plus customer centricity. ...
LRTV Documentaries
US Cellular Injects Analytics Into LTE

12|16|14   |   2:57   |   (1) comment


US Cellular's Mario Vela explains how the operator uses analytics for network planning and what comes next as the carrier looks to eke more value out of its metrics.
LRTV Interviews
How Cox Biz Plans to Keep Growing

12|15|14   |     |   (2) comments


Steve Rowley, SVP of Cox Business, details how the third-biggest US MSO intends to boost its revenues to $2 billion and beyond over the rest of the decade
LRTV Huawei Video Resource Center
Interview With Bill Zhang, Director of SoftCOM Product Management, Huawei

12|15|14   |   2:50   |   (0) comments


Bill Zhang elaborated on Huawei's open philosophy in NFV solution development and network architecture design at the SDN & OpenFlow World Congress 2014.
LRTV Huawei Video Resource Center
Event Highlights: Huawei at SDN & OpenFlow World Congress 2014

12|15|14   |   3:43   |   (0) comments


Huawei joined the 2014 SDN & OpenFlow Congress as one of the key sponsors and contributors. At the event, Huawei reinforced the openness and flexibility of its network infrastructure strategies, and provided updates on its SDN and NVF innovations. Through participations at the exhibitions, forums and speeches, Huawei encouraged the industry to "think bigger and ...
LRTV Interviews
How Cable Biz Services Hit $10B Mark

12|12|14   |     |   (1) comment


Cable operators reached $10 billion in annual business services revenues by delving deeper into their vertical markets and expanding beyond the smallest firms.
LRTV Documentaries
Mediacom Aims to Test Connected Tractors

12|11|14   |   05:07   |   (3) comments


Cable business service provider is taking its services to the 'agribusiness' sector in partnership with farm equipment specialist John Deere and is getting involved in Gigabit Cities developments.
LRTV Interviews
TWC Business Looks Beyond $3B

12|10|14   |     |   (0) comments


TWC Business Services chief Phil Meeks explains how his unit has reached $3 billion in annual revenues and what its plans are for next year.
Upcoming Live Events
February 10, 2015, The Westin Peachtree Plaza, Atlanta, GA
March 17, 2015, The Cable Center, Denver, CO
April 14, 2015, The Westin Times Square, New York City, NY
May 6, 2015, McCormick Convention Center, Chicago, IL
May 13-14, 2015, The Westin Peachtree, Atlanta, GA
June 9-10, 2015, Chicago, IL
Hot Topics
T-Mobile, BlackBerry Flirt With Reuniting
Sarah Reedy, Senior Editor, 12/17/2014
1-Gig: Coming to a Small Town Near You
Jason Meyers, Senior Editor, Gigabit Cities/IoT, 12/17/2014
Comcast Launches 4K Streaming Service
Alan Breznick, Cable/Video Practice Leader, 12/18/2014
US Carriers, You're Going to Cuba!
Mitch Wagner, West Coast Bureau Chief, Light Reading, 12/18/2014
T-Mobile Lights Up 27 Wideband LTE Cities
Sarah Reedy, Senior Editor, 12/15/2014
Like Us on Facebook
Twitter Feed
Webinar Archive