The widespread Heartbleed virus that rocked the Worldwide Web last week is not done infecting the Internet. Today, Ars Technica is reporting that mobile devices running Android 4.1.1 and some versions of 4.2.2 have a vulnerability that effects end-users. This attack could potentially steal passwords, personal messages, and other private information from a device’s memory.
According to Ars Technica, Heartbleed has the potential to affect mobile devices that use routers for transferring data. Android appears to be the most vulnerable mobile operating system. According to an official statement from Google, the vulnerability was detected and patches have been distributed. The Android maker still recommends that “Google Compute Engine (GCE) customers create new keys for any affected SSL services. Google Search Appliance (GSA) customers should also consider creating new keys after patching their GSA.”
Security researcher Marc Rogers of Lookout Mobile notes that the risk to Android device users is very high. “If you have a vulnerable device and there’s no fix available for you, I would be very cautious about using that device for sensitive data,” Rogers said. “So I would be cautious about using it for banking or sending personal messages.”
Due to the mobile operating system’s fragmented software, 4.1 is the most popular version of Android. According to Android’s developer dashboard, which was last updated on April 1, 34.4 percent of Android users are running 4.1.
Last week, Apple sent an official statement to Re/code regarding Heartbleed and its affect on iOS and OS X. “Apple takes security very seriously. IOS and OS X never incorporated the vulnerable software and key Web-based services were not affected,” an Apple spokesperson told Re/code.
However, Blackberry recently warned that Blackberry Messenger (BBM), which is available on OS X, iOS, Android, and Windows contains a defect that could affect security on devices. The company has already released an update to the app that mitigates the vulnerability.
While it is likely that your iPad has not been affected by Heartbleed, the fact that this bug has the potential to affect end-users is a good reminder of how important it is to have strong, secure passwords. As a reminder, 1Password is still on sale for half off. You can also check out our tutorial for updating passwords through iCloud Keychain.