Ad-Express and Daily Iowegian, Centerville, IA

Community News Network

April 11, 2014

Millions of Android phones, tablets vulnerable to Heartbleed bug

SAN FRANCISCO — Millions of smartphones and tablets running Google's Android operating system have the Heartbleed software bug, in a sign of how broadly the flaw extends beyond the Web and into consumer devices.

While Google said in a blog post on April 9 that all versions of Android are immune to the flaw, it added that the "limited exception" was one version dubbed 4.1.1, which was released in 2012.

Security researchers said that version of Android is still in use in millions of smartphones and tablets, including in popular models made by Samsung, HTC and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software and the company has said more than 900 million Android devices have been activated worldwide.

The Heartbleed vulnerability was made public earlier this week and can expose people to hacking of their passwords and other sensitive information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said. Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.

"One of the major issues with Android is the update cycle is really long," said Michael Shaulov, chief executive officer and co-founder of Lacoon Security, a cyber-security company focused on advanced mobile threats. "The device manufacturers and the carriers need to do something with the patch, and that's usually a really long process."

Christopher Katsaros, a spokesman for Mountain View, Calif.-based Google, confirmed there are millions of Android 4.1.1 devices. He pointed to an earlier statement by the company, in which it said it has "assessed the SSL vulnerability and applied patches to key Google services."

It's unclear whether other mobile devices are vulnerable. Apple Inc. and Microsoft Corp. didn't respond to messages for comment.

The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites. The bug, which lets hackers silently extract data from computers' memory, and a fix for it were announced simultaneously on April 7.

The reach of the vulnerability continues to widen as Cisco Systems Inc. and Juniper Networks Inc. said yesterday that some of their networking-gear products are affected and will be patched. The Canadian government has ordered websites operated by the federal government that use the vulnerable version of OpenSSL to be taken offline until they can be fixed.

The vast majority of large companies protected their systems immediately and the push is now on to make smaller companies do the same, said Robert Hansen, a specialist in Web application security and vice president of the advanced technologies group of WhiteHat Security Inc.

Hackers have been detected scanning the Internet looking for vulnerable servers, especially in traffic coming from China, though it's difficult to know how many have been successful, said Jaime Blasco, director of AlienVault Labs, part of AlienVault. Many attempts have hit dead ends, Blasco said.

More than 80 percent of people running Android 4.1.1 who have shared data with mobile security firm Lookout Inc. are affected, said Marc Rogers, principal security researcher at the San Francisco-based company. Users in Germany are nearly five times as likely as those in the U.S. to be affected, probably because there is a device that uses that version of Android that is popular there, Rogers wrote in an email.

Still, there are no signs that hackers are trying to attack Android devices through the vulnerability as it would be complicated to set up and the success rate would be low, Rogers said. Individual devices are less attractive to go after because they need to be targeted one by one, he said.

 "Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don't expect to see any attacks against devices until after the server attacks have been completely exhausted," Rogers wrote in an email.

 

1
Text Only
Community News Network
  • 072214 Diamond Llama 1.jpg Llama on the loose corralled in Missouri town

    A llama on the lam cruised Main Street Tuesday before it mistook a resident’s fenced backyard for a place to grab a meal and freshen up.

    July 22, 2014 2 Photos

  • An oncologist uses scorpion venom to locate cancer cells

    Olson, a pediatric oncologist and research scientist in Seattle, has developed a compound he calls Tumor Paint. When injected into a cancer patient, it seems to light up all the malignant cells so surgeons can easily locate and excise them.

    July 22, 2014

  • Screen Shot 2014-07-22 at 2.00.42 PM.png VIDEO: Train collides with semi truck carrying lighter fluid

    A truck driver from Washington is fortunate to be alive after driving his semi onto a set of tracks near Somerset, Ky., and being struck by a locomotive, which ignited his load of charcoal lighter fluid.

    July 22, 2014 1 Photo

  • mama.jpg What we get wrong about millennials living at home

    If the media is to be believed, America is facing a major crisis. "Kids," some age 25, 26, or even 30 years old, are living out of their childhood bedrooms and basements at alarmingly high numbers. The hand-wringing overlooks one problem: It's all overblown.

    July 22, 2014 1 Photo

  • Wal-Mart to cut prices more aggressively in back-to-school push

    Wal-Mart Stores plans to cut prices more aggressively during this year's back-to-school season and will add inventory to its online store as the chain battles retailers for student spending.

    July 21, 2014

  • Hospitals let patients schedule ER visits

    Three times within a week, 34-year-old Michael Granillo went to the emergency room at Northridge Hospital Medical Center in Los Angeles because of intense back pain. Each time, Granillo, who didn't have insurance, stayed for less than an hour before leaving without being seen by a doctor.

    July 21, 2014

  • Starved Pennsylvania 7-year-old weighed only 25 pounds

    A 7-year-old Pennsylvania boy authorities described as being so underweight he looked like a human skeleton has been released from the hospital.

    July 21, 2014

  • Malaysians wonder 'Why us?' after second loss of airline jet

    It was all too familiar. Grieving families rushing to airport. The flashing television graphics of a plane's last radar appearance. The uncomfortable officials before a heavy thicket of microphones.
    For many Malaysians, the disappearance of Flight 370 in March has been a long trauma from which the nation has not yet recovered.

    July 18, 2014

  • A quarter of the world's most educated people live in the 100 largest cities

    College graduates are increasingly sorting themselves into high-cost, high-amenity cities such as Washington, New York, Boston and San Francisco, a phenomenon that threatens to segregate us across the country by education.

    July 18, 2014

  • Your chocolate addiction is only going to get more expensive

    For nearly two years, cocoa prices have been on the rise. Finally, that's affecting the price you pay for a bar of chocolate - and there's reason to believe it's only the beginning.

    July 18, 2014

  • Facebook tests button to let people shop from its website

    Members on desktop computers or mobile devices can click a "buy" button to make purchases through advertisements or other posts on the world's largest social network, the Menlo Park, California-based company said Thursday in a blog post.

    July 17, 2014

  • The terrible history of passenger planes getting shot out of the sky

    What is more clear is that, if initial reports are true, this would be the deadliest incident of a civilian passenger plane being shot down in modern memory. In some instances, the causes of the disaster are still shrouded in mystery. Here are some of the worst events.

    July 17, 2014

  • 130408_NT_BEA_good kids We're raising a generation of timid kids

    A week ago, a woman was charged with leaving her child in the car while she went into a store. Her 11-year-old child. This week, a woman was arrested for allowing her 9-year-old daughter to go to the park alone. Which raises just one question: America, what the heck is wrong with you?

    July 17, 2014 1 Photo

  • web_starbucks-cof_big_ce.jpg Starbucks sees more Apple-like stores after Colombia debut

    This week Starbucks opened its first location in Colombia — a 2,700-square-foot store with a heated patio, concrete columns, mirrors on the ceiling and walls of colorful plants.

    July 17, 2014 1 Photo

  • VIDEO: New story emerges about Texas children locked in hot car

    After footage showed Texas shoppers breaking the windows of a hot car to rescue children trapped inside, additional witnesses have come forward to correct the story behind what has become a viral video.

    July 16, 2014

Obituaries
Featured Ads
Poll

The Iowegian wants readers to think about the 2014 Appanoose County Fair. It starts Monday and wraps up on Saturday with a demolition derby at 8 p.m. So, the question of the week is, "How many days do you plan to go to the Appanoose County Fair?

A. I plan to attend all six days.
B. I plan to attend five days.
C. I plan to attend four days.
D. I plan to attend three days.
E. I plan to attend two days.
F. I plan to attend one day.
G. I do not plan to go to the fair this year.
     View Results
Iowegian on Facebook