Heartbleed is one of the biggest security breaches the internet has ever known. Here’s how to protect your Android smartphone against this OpenSSL bug which leaves your phone vulnerable to virus attacks.
What is Heartbleed
Hearbleed is a flaw in the OpenSLL software ‘’Heartbeat’’ function which is what’s behind secure internet connections. It is this function that is buggy, allowing attackers to manipulate it and cause some serious damage to the affected systems. The Heartbleed vulnerability impacts any infrastructure that has the affected version of OpenSSL.
So who is affected?
According to Symantec, the majority of main browsers do not use this OpenSLL software. But on Android, it’s the complete opposite. Your Android is at risk, which means that private info stored on it is as well. You can use the Symantec SSL Tool check to see if a website is vulnerable to the Heartbleed bug.
Heartbleed on Android
Generally speaking, if you are on a vulnerable website and a new identical tab opens when you have entered your identifiers, stop right there and close out right away. Another method that hackers often use is to inject a code into a vulnerable Android navigator, which allows the instigator to fish out sensitive information that is stored in the phone’s memory.
How to protect your Android against Heartbleed
Lookout, a developing group that you might already know thanks to their antivirus app, have developed a new app called Heartbleed Security Scanner that will help you see whether your phone is vulnerable or not: the application however does NOT protect you, which means you will have to wait until Google or your manufacturer releases an update.
Tips to protect your data
- Change your password regularly
- Avoid using the same passwords on various websites
- If you detect a vulnerable site using the Symantec SSL toolbox, wait before changing your password.
- If your Android is vulnerable, be cautious and make sure you update your phone.
The real problem with Heartbleed is that the bug has already existed for over two years, and that your passwords are potentially exposed, yet another reason why you should change them regularly.
Source: Ars Technica