Thursday, May 1, 2014

Heartbleed Attacks Are Completely Undetectable on Old Android OS

Android-phone

It's still an open wound.
Three weeks after most of the Web protected its computers from the Heartbleed Internet bug, there are lingering threats. Many smartphones running an older version of Google's Android software may still be vulnerable to hacking attacks.
As we've reported, millions of devices globally using Android version 4.1.1, which was released in 2012, carry the Heartbleed flaw. And while Google has "applied patches to key Google services," according to the company, individual wireless carriers and handset makers still need to push out the fix.
That can be a "really long process," said Michael Shaulov, chief executive officer and co-founder of Lacoon Mobile Security. So to create an even greater sense of urgency, his companyproduced a video showing what an attack against the devices would look like.
Screengrab from Lacoon Mobile Security's Youtube video
Shaulov said the point is to show the ease with which vulnerable devices can be exploited and refute suggestions that attacks would be impractical. The video shows pages of data pulled from a target phone's memory spilling onto the screen, exposing passwords and other sensitive information — precisely what the "bleed" in Heartbleed refers to.

0 comments: