Heartbleed was one of the most discussed topics in the tech world over the past week or so. Although a patch was released promptly, so there was not much damage to report from the lapse in encryption security, there is always the fear that something could still go wrong. We wrote a comprehensive post detailing the steps you must take to be absolutely sure that Heartbleed does not expose your private information, so do check that out before moving ahead.
Heartbleed bug has been patched, but what you must still do, read here
It was initially thought that only websites and apps that rely on SSL certificates were affected by the bug, but it turns out that Google-powered devices could still be at severe risk of being compromised. The best explanation of this problem has been written by Ars Technica:
“The most likely scenario for an attacker exploiting a vulnerable Android device is to lure the user to a booby-trapped website that contains a cross-site request forgery or similar exploit that loads banking sites or other sensitive online services in a separate tab. By injecting malicious traffic into one tab, the attacker could possibly extract sensitive memory contents corresponding to the sites loaded in other tabs, he said. A less sophisticated version of the attack—but also one that’s easier to execute—might simply inject the malicious commands into a vulnerable Android browser and opportunistically fish for any sensitive memory contents that may be returned.”
Now, it is not a given that something like this will happen or that your Android device is at risk, but given that smartphones today hold so much more information than a device that just makes phone calls, it is a pretty scary proposition. So, to find out if your Android device could be affected by the Heartbleed bug, one of the several apps that you could use is ‘Heartbleed Detector’.
Play Store: Download Heartbleed Detector for your Android Phone here
Once you have the application installed, all you need to do is run it, and it will automatically scan for the OpenSSL version that your device is using. Once the application has checked the version, it will tell you whether that version is vulnerable. In most cases, this will come out in the affirmative. After this, the app will detect whether that version has the feature called Heartbeats enabled, which is an indication of the vulnerability of your device. If heartbeats have not been enabled, the application will let you know and you can relax. If heartbeats have been enabled, it is best to turn off all running apps, log out of the account, and reset your device, just to be on the safe side.
Via: Ars Technica