Heartbleed Detector App Checks Android’s Security

In response to the Heartbleed scare, Lookout Security has released the Heartbleed Detector app for Android, which examines your Android device for vulnerability. The tech world was rocked on April 7 by the announcement that supposedly secure sites like Yahoo, Amazon, and Tumblr were vulnerable to security breaches through a bug in OpenSSL, a popular open-source encryption software.

Heartbleed Detector App

The Heartbleed Detector checks if an affected version of OpenSSL is in use. If it is, the app then checks if the Heartbeat function is enabled. While it can inform you whether your device is at risk, the app cannot fix the bug; if your Android is affected, you must wait for an update that includes the patch to be released for your phone. Until then, the only way to keep the information on your device secure may be to prevent it from connecting to the Internet.

“The good news is that Lookout has not yet seen the Heartbleed vulnerability exploited on a mobile device, and while this is a credible risk, the likelihood of you encountering an exploit is low,” according to Lookout’s blog. Since other sources like Codenomicon have claimed that a Heartbleed attack leaves no trace, it is unclear how Lookout would be aware if an attack had occurred.

Are Mobile Devices at Risk?

While media focus has been on large websites and servers, any device that encrypts data on the Internet could be vulnerable if it uses the Heartbeat function of the OpenSSL cryptography software. Android is known to be potentially vulnerable, while iOS is safe and Windows OS is “likely safe,” according to Digital Trends.

Only version 4.1.1 of Android is vulnerable. While Digital Trends suggests that that might include over 300 million devices, Google implies that the number is much smaller and states that it is handling the problem by distributing the information needed to patch the Heartbleed vulnerability.

A Bug-Free Device Cannot Guarantee Security

Even if your Android is cleared by the Heartbleed Detector app, that does not mean that your information is secure. Any individual app can also be vulnerable to the bug, as can any website you visit while on your device. However, major websites that were vulnerable are addressing the issue aggressively, and many have already patched the faulty code. Check CNET’s list of websites and Digital Trends’ list of apps to see which servers are safe to use.

The overwhelming scale of this vulnerability has many people rethinking Internet security and how they surf the web. Will Heartbleed affect the way you use your mobile device in the future?

Image courtesy of Wikimedia Commons