News about the Heartbleed Internet bug has been making the rounds since it surfaced a couple of weeks back. The Heartbleed bug is a flaw that existed in secured networks for the last two years. It was uncovered by Codenomicon, a Finnish firm. The bug opened a window for intruders to steal user data from secured networks.
The OpenSSL bug came as a shock to the industry because the flaw went unnoticed for a long period. Security experts believe that Internet users can do little to protect themselves from the recently uncovered “Heartbleed” bug.
The bug resides on the website’s encrypted servers, so the issue needs to be fixed at the server end. But after the bug was found in Android’s Jelly Bean, a client-side loophole came to light.
Android and Heartbleed Vulnerability:
Google posted an article by Matthew O’Connor, Product Manager, on its blog to address the issue.
In the blog post he listed the various steps taken by Google against the Heartbleed bug. For Android users, he mentioned that all versions of the OS except one are safe from the threat. Android Jelly Bean 4.1.1 is the one vulnerable to Heartbleed.
Google has successfully patched the bug and released updates for its vulnerable Jelly Bean. However, handset manufacturers and network operators are not eager to push Android updates to their subscribers. This leaves the OpenSSL bug window open to hackers.
Android Heartbleed bug video on how the sensitive info is stolen:
To highlight the seriousness of the flaw, Lacoon, a mobile security firm, recently launched the Android Heartbleed bug video. This video shows how your credentials are stolen on a secured connection even though OpenSSL is patched on the server side.