Heartbleed Still Lingers: How to Check Your Android Device for Vulnerabilities

How to Check Your Android Device for Vulnerabilities

Unless you've been living under a rock with no internet connection, it's safe to say that you've heard of the Heartbleed flaw that allows practically anyone with the right knowledge to steal your personal information, such as passwords, credit card numbers, and e-mail addresses using OpenSSL.

What many have been calling the worst web security vulnerability of all time has left online users reeling, so what's there to do?

If you want a simple rundown of the next steps you need to be taking, check out our full guide on Heartbleed and how to secure yourself properly. If you're a Chrome browser user, check out the Chromebleed extension that will alert you whenever you access a site that may still be susceptible.

Your Android Device Might Be Heartbled, Too

As a mobile user, you may also be susceptible to Heartbleed.

Android 4.1.1 Jelly Bean is the only build that used a vulnerable version of OpenSSL 1.0.1c. Most devices with this version of Android have long been updated to 4.1.2 or higher, which are not vulnerable to Heartbleed.

You can check your Android version by going to Settings -> About device -> Android version.

Checking Your Android Device for Further Damage

With tools such Heartbleed Pulse from Trustlook and Bluebox Heartbleed Scanner from Bluebox, checking if your Android system, apps, and external websites are affected is as simple as can be.

If you use Bluebox Heartbleed Scanner (left screenshot), all you have to do is open it up and it will automatically find all applications on your device that use OpenSSL and check if they're vulnerable.

In Heartbleed Pulse (right screenshot), you'll need to tap on "App Scan" button to check which applications are vulnerable.

Once the processes are complete, you can scan through both lists and check out which applications are vulnerable and which aren't. The app scan searches for apps that implement their own usage of OpenSSL outside of the Android system, therefore are subject to their own vulnerabilities.

As you can see below, we're good for the most part except for Netflix, who is still susceptible to the attack.

Netflix was quoted as saying:

"Like many companies, we took immediate action to assess the vulnerability and address it. We are not aware of any customer impact. It's a good practice to change passwords from time to time, now would be a good time to think about doing so."

Again, if you're running Android 4.1.1, it's best that you update to the latest version of the Android OS available for your device. If you find yourself with other apps that are vulnerable, make sure to change your passwords. The majority of large websites have updated to the newest version of OpenSSL, so everything should be clear.

For now...

Hot Deal: Set up a secure second phone number and keep your real contact details hidden with a yearly subscription to Hushed Private Phone Line for Android/iOS, 83%–91% off. It's a perfect second-line solution for making calls and sending texts related to work, dating, Craigslist sales, and other scenarios where you wouldn't want to give out your primary phone number.

Be the First to Comment

Share Your Thoughts

  • Hot
  • Latest