Light Reading
BlackBerry preps security updates for Android and iOS devices as Lookout warns consumers their mobile apps could be vulnerable.

Mobile Apps Susceptible to Heartbleed, Too

Sarah Reedy
4/14/2014
50%
50%

It's not just Internet infrastructure that's susceptible to Heartbleed, one of the most pervasive OpenSSL security threats in some time. Mobile apps may also be at risk, and several firms are offering warnings and patches to safeguard consumer phones.

The Heartbleed bug is a software flaw discovered last week in the OpenSSL "Heartbeats" function that helps keep secure Internet connections alive. The bug could potentially let cyber criminals steal endless amounts of personal data.

While concern was initially for vulnerable websites, researchers are now warning that both Google (Nasdaq: GOOG) and Apple Inc. (Nasdaq: AAPL)'s mobile operating systems could be at risk as well. As such, BlackBerry said on Monday that it would release security updates for its messaging software on Android and iOS devices by the end of the week.

BlackBerry devices themselves don't use the at-risk software, but the company tells Reuters it needs to update its Secure Work Space corporate email and BBM messaging program that are in use on Android and iOS. The risk level may be relatively low, but the company says it could infect those who use the apps either on WiFi or over the cellular network.

Technically, any app that uses the OpenSSL code is susceptible to the Heartbleed bug. Mobile security provider Lookout has put out a Heartbleed Detector app that, when downloaded by a mobile phone user, can determine what version of OpenSSL the device is using and check to see if the vulnerable feature in Hearbeats is enabled. It can't do anything about it -- that's up to Google or the device maker -- but it does alert consumers to the potential for harm.

Since the bug was unearthed, there haven't been reports of widespread damage, but it could only be a matter of time. In the meantime, companies from operators to network equipment makers to software providers are working hard to develop patches and upgrades so consumers aren't affected. (See Cisco, Juniper Treating Gear Against Potential Heartbleed and Eurobites: Telenor Counters Heartbleed Threat.)

Lookout suggests that consumers should also change their passwords, but not until told to by their individual service providers, as the vulnerability pulls data from the active memory of the affected systems, so any attackers might still have access to a new password as well.

— Sarah Reedy, Senior Editor, Light Reading

(14)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
SarahReedy
50%
50%
SarahReedy,
User Rank: Blogger
4/18/2014 | 3:27:03 PM
Lookout Data

Lookout has new data out from the 10,000 people who downloaded its app and agreed to share their results:

-- "Devices running Android 4.1.1 are predominantly the ones that are vulnerable, but there are also a handful running 4.2.2

-- The Evo, HTC One S and HTC One X are the 3 most popular vulnerable smartphones

-- Regions of the world vary in their level of risk. 

Here you'll find a slideshare which includes full details and the next steps on what to do if your device is vulnerable."

SarahReedy
50%
50%
SarahReedy,
User Rank: Blogger
4/17/2014 | 12:42:43 PM
Wireless okay
More updates today from AT&T, SPrint, Verizon and T-Mobile suggest they have not been affected and are taking the necessary precautions, so rest easy (but not TOO easy). 
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/16/2014 | 4:33:56 PM
Re: More malware
I know, right?! EVERYBODY PANIC!!

According to that most reliable of sources, Some Guy On Reddit, iOS doesn't use OpenSSl and is therefore not susceptible, although apps might be susceptible. 
SarahReedy
50%
50%
SarahReedy,
User Rank: Blogger
4/15/2014 | 6:28:25 PM
Re: More malware
Of course, that makes sense, just like PR people latch on to events ilke this to pitch semi-related companies. I'd hope FireEye isn't making up viruses though...seems like new strands are found every day.
SarahReedy
50%
50%
SarahReedy,
User Rank: Blogger
4/15/2014 | 6:27:15 PM
Re: More malware
Thanks for the heads up, Malcom. I hope Apple issues that patch soon too.
SarahReedy
50%
50%
SarahReedy,
User Rank: Blogger
4/15/2014 | 6:26:10 PM
Re: More malware
Yikes, I guess it's starting then.
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/15/2014 | 4:50:07 PM
Re: More malware
Attackers used Heartbleed to break into the Canada Revenue Agency.
Phil_Britt
50%
50%
Phil_Britt,
User Rank: Light Sabre
4/15/2014 | 2:48:01 PM
Re: More malware
To me the FireEye notification seems to be somewhat self-serving. McAfee also sent out notices, but also said that their software is not designed to protect against this type of vulnerability. It's good to get notices out, but I'm cautious any time the notice comes from someone seeking to sell a solution.
MalcolmTucker
50%
50%
MalcolmTucker,
User Rank: Light Beer
4/15/2014 | 2:39:12 PM
Re: More malware
I was performing some research into this.  Apparently, the APPLE "Airport Utility" which comes as standard software with all Mac Computers, uses the OpenSSL library. 

This is in the acknowledgements and licensing agreement feature within the Airport Utility itself.

Because the code hasn't been verified to be vulnerable, it may be best to take the Airport Utility (Located in the "Utilities" folder) and place it into the trashcan.  Apple's culture is one of secrecy and to not disclose issues until a patch is released.

Because Apple and everybody was blindsighted, it's probably best to place the Airport Utility into the trash.

Airport controls WiFi connections to Apple's own WiFi routers.  You should be able to connect to the internet, and configure your router if you use the Apple iPhone or iPad configuration app; then delete the app on your ipad until you need it again.
SarahReedy
50%
50%
SarahReedy,
User Rank: Blogger
4/15/2014 | 12:59:07 PM
Re: More malware
Yeah, it seems like most of the patches will be out in time, but we really don't know. I haven't gotten any notifications from service providers about actions to take. I was going to just change all my passwords, but sounds like that's not the wisest move, according to Lookout.
Page 1 / 2   >   >>
Flash Poll
LRTV Huawei Video Resource Center
IHS Analyst Discusses eLTE at CCW 2014

9|10|14   |   7:09   |   (0) comments


Thomas Lynch, associate director of critical communications at IHS Technology, talks about broadband in critical communications.
LRTV Huawei Video Resource Center
TCAA on Huawei eLTE: A Broadband Solution for Mission-Critical Communications

9|10|14   |   2:29   |   (0) comments


At CCW2014 in Singapore, the TCCA's Phil Kidner talks about the importance of broadband data for critical communications.
LRTV Custom TV
Spotlight on Cisco: SDN for Optical Networks

9|8|14   |   9:27   |   (0) comments


Cisco's Greg Nehib talks OpenFlow and more on the 'Software-Defined Networking for Optical Networks' panel at the Big Telecom Event in June 2014.
LRTV Custom TV
Cisco's Evolved Programmable Network (EPN)

9|8|14   |   4:05   |   (0) comments


A look at the various demos Cisco showed at Light Reading's Big Telecom Event highlighting Cisco's EPN innovation and how SDN and NFV technologies are enabling a variety of new services.
LRTV Huawei Video Resource Center
The Future of Ultra-Broadband, With Kevin Kelly (UBBF2014)

9|5|14   |   1:13   |   (0) comments


If you think the technological changes we've seen up to now are astounding, just wait until you see what the future has in store. Discuss upcoming breakthroughs with Kevin Kelly, Founding Executive Editor of Wired Magazine, at the Huawei Ultra-Broadband Forum on September 24.
LRTV Huawei Video Resource Center
The Inaugural Optical Innovation Forum in Nice

9|2|14   |     |   (0) comments


More than 170 attendees from network operators, service providers, analyst firms, and component companies from around the world convened in Nice in June for the inaugural Optical Innovation Forum, co-produced by Huawei and Light Reading.
Wagner’s Ring
Data Centers Drive Telcos Into the Future

8|28|14   |   2:20   |   (2) comments


Data centers are at the heart of key trends driving telecom -- network virtualization, the drive for increased agility, and the need to compete with OTT providers.
LRTV Custom TV
Why SPs Should Consider Cisco's EPN

8|27|14   |   5:40   |   (0) comments


Sultan Dawood from Cisco discusses Cisco's EPN, which enables SPs to build agile and programmable networks delivering new network virtualized services using Cisco's Evolved Services Platform (ESP).
LRTV Huawei Video Resource Center
Huawei’s Showcase @ Big Telecom Event 2014

8|26|14   |   2.56   |   (0) comments


SoftCOM is Huawei's framework for telecom business and network transformation. Haofei Liu, Solution Marketing Manager, Carrier Business Group, Huawei, showcases Huawei's SoftCOM architecture in this video.
LRTV Huawei Video Resource Center
Huawei @ BTE 2014: Director of Integrated Solutions on SoftCOM & NFV Monetization

8|26|14   |   4.43   |   (0) comments


Libin Dai, Director of Integrated Solutions, Carrier Business Group, discusses Huawei's SoftCOM and NFV monetization. Huawei believes that NFV monetization should be service-driven rather than network-driven, and that operators should have network transformation, service transformation and a compatible and collaborative ecosystem in place in order to deploy NFV.
LRTV Huawei Video Resource Center
Huawei @ BTE 2014: Director of US NFV Lab on CloudEdge & the Future of NFV

8|26|14   |   4.06   |   (0) comments


Sean Chen, Director of US NFV Lab at Huawei, discusses Huawei's new approach to NFV in open collaboration. Huawei believes that through Proof of Concept tests, it could help operators learn and communicate with the industry more effectively. Sean believes that successful implementation of NFV should have its values reaching to end users and discusses how Huawei's ...
LRTV Huawei Video Resource Center
Huawei's Highlights @ Big Telecom Event 2014

8|26|14   |   3.34   |   (0) comments


At the Big Telecom Event in Chicago Huawei showcases its high-level strategy, the SoftCOM architecture, which helps operators reduce the cost of ownership of their network infrastructure and generate additional revenue in the ICT service environment. Huawei showcases over 30 pilot programs from across the globe, focusing on the industry-leading commercial ...
Upcoming Live Events!!
September 23, 2014, Denver, CO
October 29, 2014, New York City
November 6, 2014, Santa Clara
November 11, 2014, Atlanta, GA
December 2, 2014, New York City
December 3, 2014, New York City
December 9-10, 2014, Reykjavik, Iceland
June 9-10, 2015, Chicago, IL
Infographics
A survey conducted by Vasona Networks suggests that 72% of mobile users expect good performance all the time, and they'll blame the network operator when it's not up to par.
Today's Cartoon
Vacation Special Caption Competition Click Here
Latest Comment
Hot Topics
Introducing 'The New IP'
Stephen Saunders, CEO and founder, Light Reading, 9/11/2014
AT&T to Launch WiFi Calling in 2015
Sarah Reedy, Senior Editor, 9/12/2014
Glimpsing the Self-Driving Car
Dan Jones, Mobile Editor, 9/12/2014
Is Rackspace the Best Next Move for CenturyLink?
Ray Le Maistre, Editor-in-chief, 9/9/2014
T-Mobile Accuses Huawei of Espionage
Sarah Reedy, Senior Editor, 9/9/2014
Like Us on Facebook
Twitter Feed