By now, you probably heard about the Heartbleed bug. It’s already been discussed in the news for a number of weeks. While it’s still very misunderstood, hackers exploiting the vulnerability are already getting arrested – in this case, the Canadian Revenue Agency (CRA) website was exploited and the Social Insurance Number’s (Canada’s equivalent of Social Security Numbers) were stolen.
That’s just a glimpse of the aftermath – chances are there is much more to come as stolen data, money, and more, becomes noticed and thefts are tracked back to the Heartbleed bug. So this leads to speculation on which avenues are being affected the most. The CRA website is a big one. Yahoo is another huge website that was affected by the Heartbleed bug.
Now there are reports surfacing that certain Android devices were not effectively protected from the Heartbleed bug.
Interestingly enough, Google knew about the bug – for over a month – and didn’t do anything about it. Sure, many of their most important services were quickly patched, but one was left out to dry – their Android operating system (OS).
So by now you may be shaking in your boots if you have Android on your smartphone or tablet.
Relax! Google claims that the odds of you being affected are under 10 percent because the amount of devices running an active copy of the particular version of Android OS that is affected makes up for less than 10 percent all Android phones.
Still, there are somewhere around 900 MILLION devices that currently use a Google’s Android OS.
The Android Version at Risk
Jelly Bean (Android 4.1.1), which was released in July 2012 is vulnerable to the Heartbleed bug.
Anyone running a smartphone or tablet with this version of Google’s Android OS will want to fix it on their end as quickly as possible – the Heartbleed bug is something that can be effectively controlled by changing security measures for a website, but downloaded software updates are typically the end user’s job.
Interestingly, a popular online advertising networking, Chitika, reported that the Android 4.1.1 OS made up for 19 percent of their US web traffic stats in the week of April 7th to 13th. This indicates that there is indeed a considerable amount of people that were actively using the vulnerable Android OS, even after it became public knowledge. That adds to the concerns that maybe the percentage of devices at risk was very close to that 10 percent mark that Google used as a cap.
With the massive amount of Android devices that may be vulnerable, it’s time to spread the news…tell all your family and friends. But hold up for a minute – don’t forget to make sure you’re in the clear.
Sure, you may have the latest Android OS version on your smartphone, but have you kept an eye on what OS your tablet has? You really want to make sure that you are not vulnerable on any of your devices. If you are affected, because almost one out of every 10 Android users reading this will be, you will want to fix the problem immediately!
How You Can Secure Your Android Device from the Heartbleed Bug
The Heartbleed bug is an exploit in OpenSSL that can be exploited as a security breach by ill actors.
The Heartbleed Security Scanner can help with verifying whether or not your Android device is considered vulnerable at this given time. You can resource to this app after updating your device as well to make sure that the problem is resolved.
To resolve the problem, you must update your Android device to a newer version of the Google Android OS. However, this is not a solution that is always possible or preferred so looking for a way to simply protect your current OS may be better.
This is where it gets tricky. Google has not provided a patch for their Android 4.1.1 operating system yet.
On April 15th, Sprint announced that a patch is in the works. Of course, there is a big difference between it being in the works and being ready to install. This leaves tens of millions of people potentially vulnerable for an undisclosed amount of time.
How You Can Secure Your Data?
The hard part about the Heartbleed bug is that it’s difficult to really know who has already been affected. This is why many news reports are including advice on changing your passwords and double checking every website you browse through a Heartbleed checker to make sure that no data can get leaked.
All you can hope is that you have been safe so far. Now you may go through the effort of changing all of your passwords – hopefully you do, especially if you use the same one for different accounts – but that’s not going to protect you from future data leaks.
So now you have to play the waiting game for an Android 4.1.1 patch if you don’t want to update to a newer Android version. As a last piece of advice, it would be a good idea to avoid entering any sensitive data while using your vulnerable Android devices until the patch is installed.