Tahlequah Daily Press

Get the scoop!

April 11, 2014

Millions of Android phones, tablets vulnerable to Heartbleed bug

SAN FRANCISCO — Millions of smartphones and tablets running Google's Android operating system have the Heartbleed software bug, in a sign of how broadly the flaw extends beyond the Web and into consumer devices.

While Google said in a blog post on April 9 that all versions of Android are immune to the flaw, it added that the "limited exception" was one version dubbed 4.1.1, which was released in 2012.

Security researchers said that version of Android is still in use in millions of smartphones and tablets, including in popular models made by Samsung, HTC and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software and the company has said more than 900 million Android devices have been activated worldwide.

The Heartbleed vulnerability was made public earlier this week and can expose people to hacking of their passwords and other sensitive information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said. Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.

"One of the major issues with Android is the update cycle is really long," said Michael Shaulov, chief executive officer and co-founder of Lacoon Security, a cyber-security company focused on advanced mobile threats. "The device manufacturers and the carriers need to do something with the patch, and that's usually a really long process."

Christopher Katsaros, a spokesman for Mountain View, Calif.-based Google, confirmed there are millions of Android 4.1.1 devices. He pointed to an earlier statement by the company, in which it said it has "assessed the SSL vulnerability and applied patches to key Google services."

It's unclear whether other mobile devices are vulnerable. Apple Inc. and Microsoft Corp. didn't respond to messages for comment.

The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites. The bug, which lets hackers silently extract data from computers' memory, and a fix for it were announced simultaneously on April 7.

The reach of the vulnerability continues to widen as Cisco Systems Inc. and Juniper Networks Inc. said yesterday that some of their networking-gear products are affected and will be patched. The Canadian government has ordered websites operated by the federal government that use the vulnerable version of OpenSSL to be taken offline until they can be fixed.

The vast majority of large companies protected their systems immediately and the push is now on to make smaller companies do the same, said Robert Hansen, a specialist in Web application security and vice president of the advanced technologies group of WhiteHat Security Inc.

Hackers have been detected scanning the Internet looking for vulnerable servers, especially in traffic coming from China, though it's difficult to know how many have been successful, said Jaime Blasco, director of AlienVault Labs, part of AlienVault. Many attempts have hit dead ends, Blasco said.

More than 80 percent of people running Android 4.1.1 who have shared data with mobile security firm Lookout Inc. are affected, said Marc Rogers, principal security researcher at the San Francisco-based company. Users in Germany are nearly five times as likely as those in the U.S. to be affected, probably because there is a device that uses that version of Android that is popular there, Rogers wrote in an email.

Still, there are no signs that hackers are trying to attack Android devices through the vulnerability as it would be complicated to set up and the success rate would be low, Rogers said. Individual devices are less attractive to go after because they need to be targeted one by one, he said.

 "Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don't expect to see any attacks against devices until after the server attacks have been completely exhausted," Rogers wrote in an email.

 

1
Text Only
Get the scoop!
  • 20140727-AMX-GUNS271.jpg Beretta, other gun makers heading to friendlier states

    In moving south and taking 160 jobs with it, Beretta joins several other prominent gunmakers abandoning liberal states that passed tough gun laws after the Newtown shooting.

    July 28, 2014 1 Photo

  • Fast food comes to standstill in China

    The shortage of meat is the result of China's latest food scandal, in which a Shanghai supplier allegedly tackled the problem of expired meat by putting it in new packaging and shipping it to fast-food restaurants around the country

    July 28, 2014

  • Dangerous Darkies Logo.png Redskins not the only nickname to cause a stir

    Daniel Snyder has come under fire for refusing to change the mascot of his NFL team, the Washington Redskins. The Redskins, however, are far from being the only controversial mascot in sports history.  Here is a sampling of athletic teams from all areas of the sports world that were outside the norm.

    July 28, 2014 3 Photos

  • CATS-DOGS281.jpg Where cats are more popular than dogs in the U.S.-and all over the world

    We all know there are only two types of people in the world: cat people and dog people. But data from market research firm Euromonitor suggest that these differences extend beyond individual preferences and to the realm of geopolitics: it turns out there are cat countries and dog countries, too.

    July 28, 2014 1 Photo

  • 'Rebel' mascot rising from the dead

    Students and alumni from a Richmond, Va.-area high school are seeking to revive the school's historic mascot, a Confederate soldier known as the "Rebel Man," spurring debate about the appropriateness of public school connections to the Civil War and its icons.

    July 28, 2014

  • HallofFameBraves.jpg Hall of Fame adds businesslike Braves, Frank Thomas, managers La Russa and Torre

    Atlanta Braves pitchers Greg Maddux and Tom Glavine, and their manager, Bobby Cox, dominated much of baseball during the 1990s. This weekend they went into the Hall of Fame together.

    July 28, 2014 1 Photo

  • wd saturday tobias .jpg Stranger’s generosity stuns Ohio veteran

    Vietnam War veteran David A. Tobias was overwhelmed recently when a fellow customer at an OfficeMax store near Ashtabula, Ohio paid for a computer he was purchasing.

    July 28, 2014 1 Photo

  • How spy agencies keep their 'toys' from law enforcement

    A little over a decade ago, federal prosecutors used keystroke logging software to steal the encryption password of an alleged New Jersey mobster, Nicodemo Scarfo Jr., so they could get evidence from his computer to be used at his trial.

    July 26, 2014

  • Brother sues W.Va. senator over business loan

    U.S. Sen. Joe Manchin's brother claims he's owed $1.7 million that he loaned to keep a family carpet out of bankruptcy in the 1980s.

    July 26, 2014

  • Lynette Rae Sampson.jpg Say what?: Woman arrested after calling EPD to complain her meth was ‘laced’

    A 54-year-old Enid woman is facing felony drug charges after allegedly calling police earlier in the week and telling them she thought her methamphetamine was laced with something. Woman to officer: "I'm glad you came."

    July 25, 2014 1 Photo

  • Facebook continues moneymaking trend

    Facebook seems to have figured out - for now at least - the holy grail for all media right now: how to make money selling mobile ads.

    July 25, 2014

  • Russia's war on McDonald's takes aim at the Filet-o-Fish

    Russia said earlier this week that it had no intention of answering Western sanctions by making it harder for Western companies to conduct business in Russia.
    But all bets are off, apparently, when you threaten the Russian waistline.

    July 25, 2014

  • taylor.armerding.jpg Inequality crisis shot with factual problems, hypocrisy

    President Obama, various media and political liberals say inequality, of all things, is the defining issue of our times. Yet this message is delivered by multimillionaires and a president who jets from tee time to stump speech on the taxpayer's dime.
     

    July 25, 2014 1 Photo

  • photo of oil tanks and fiberglass salt water tank.jpg Officials investigate oil-covered barn owls, dead birds

    “These birds got into a saltwater tank that was full. Most of it’s saltwater, but there’s the scum of oil on top of it. That’s the reason why the (Oklahoma) Corporation Commission and federal rules say that those tanks have to be covered." — Oklahoma Department of Wildlife Conservation Major County Game Warden Lt. Frank Huebert

    July 25, 2014 1 Photo

  • Arizona's prolonged lethal injection is fourth in U.S. this year

    Arizona's execution of double-murderer Joseph Wood marked the fourth time this year that a state failed to dispatch a convict efficiently, according to the Constitution Project, a bipartisan legal group.3

    July 25, 2014

Poll

Do you believe school administrators and college presidents in Oklahoma are paid too much?

Strongly agree.
Somewhat agree.
Somewhat disagree.
Strongly disagree.
Undecided.
     View Results
Tahlequah Daily Press Twitter
Follow us on twitter
AP Video
Rodents Rampant in Gardens Around Louvre House to Vote on Slimmed-down Bill for Border Looming Demand Could Undercut Flight Safety Raw: 2 Shells Hit Fuel Tank at Gaza Power Plant Raw: Massive Explosions From Airstrikes in Gaza Giant Ketchup Bottle Water Tower Up for Sale Easier Nuclear Construction Promises Fall Short Kerry: Humanitarian Cease-fire Efforts Continue Raw: Corruption Trial Begins for Former Va Gov. The Carbon Trap: US Exports Global Warming UN Security Council Calls for Gaza Cease-fire Traditional African Dishes Teach Healthy Eating 13 Struck by Lightning on Calif. Beach Baseball Hall of Famers Inducted Israel, Hamas Trade Fire Despite Truce in Gaza Italy's Nibali Set to Win First Tour De France Raw: Shipwrecked Concordia Completes Last Voyage Raw: Sea Turtle Hatchlings Emerge From Nest Raw: Massive Dust Storm Covers Phoenix 12-hour Cease-fire in Gaza Fighting Begins
Stocks