Millions Of Android Devices Still Vulnerable To Heartbleed

Android phone leaking data concept

Last week, news of the Heartbleed bug, which threatens the integrity of HTTPS enabled websites worldwide, broke. In addition to a worry that important data sent between users and websites could be compromised and stolen, there is also a concern that mobile services could be vulnerable. Stephanie Mlot at PC Mag explains how Heartbleed threatens the security of Android users specifically.

Naturally, Google was among the most potentially costly sites should users fall victim to Heartbleed. Not only are Google’s services among the most used online, but they also have access to a lot of personal information that is extremely valuable to criminals. So, Google set out early to patch their services and protect their users.

So far, Google services Search, Gmail, YouTube, Wallet, Play, Apps, AdWords, Maps and Earth have all been patched.

For the Android crowd, every version of the mobile operating system is safe from Heartbleed save for Android 4.1.1. It’s unknown exactly how many users have this version installed on their devices, but some iteration of Android 4.1 is being used by more than a third of Android users. It’s estimated that the number of affected users is in the millions and devices affected include popular manufacturers Samsung and HTC.

A Google spokesperson stated that patching information is being distributed to manufacturers, but this slow process is one of the main issues regarding Android security. Unlike Apple, which can push updates and patches to all of its users directly, Android users must wait for each manufacturer to tailor patches to their specific environment. In cases like this one, that can leave users and data vulnerable to known exploits for days and even weeks.

Blackberry has released a statement informing users that a fix for their Android devices will be made available by the end of the week. Other manufacturers have been quiet, however.

The best option for users in the meantime is to assume that data can be stolen from their device. If your Android device uses the 4.1.1 operating system, which can be checked in the Settings menu under ‘About Phone’, don’t use your device to log-in to online accounts or to message personal information.

While users will have to wait for an official patch to protect themselves from Heartbleed, for any other problems with your Android device or other mobile devices, come by Geek Rescue or call us at 918-369-4335.

April 14th, 2014