Join now - be part of our community!

Very Important Heartbleed

Meid
Visitor

Very Important Heartbleed

Hey guys, Lookout Security send to Google Play an app to Know if our version has problemsi with our Android version, and for me, saysomething that our SSL version is affected for Heartbleed virus. And lookout app security instead to look for an android update or in case of not, inform to Sony about that.

My question is: knows Sony something about that and they are working?

For me, on Monday I will write them in their chat service. I think is good all forum users use that lookout security app to look for this problem and write to Sony.

Here is the Google Play link for lookout Heartbleed app

https://play.google.com/store/apps/details?id=com.lookout.heartbleeddetector
4 REPLIES 4
Danial-mach1
Leader

i doubt that app can do anything..and if it detect heartbleed then what want to do???

as far as i know it attack servers and steal passwords so even that app detect it so nothing we can do then

blackbox
Contributor

According to Google it only affects 4.1.1. They say they have already issued a patch to Sony for the relevant devices (Xperia M is vulnerable). As far as I know Sony haven't issued anything.

The risk isn't particularly great for phones anyway. The main attack vector is stealing directly off a server and not from phones. The risk for phones is something they're calling "reverse Heartbleed" - someone would have to set up a malicious website, which you then would have to visit and they could in theory retreive data at random from your phone. There's been no evidence that anyone has tried it.

*Edit*

Just ran the test on mine - (4.3, .201). It does use the affected version OpenSSL, but Heartbeats is not enabled, so absolutely fine.

Meid
Visitor

Blackboss the same as me, I wrote that, it attacks SSL. I posted this, as a information, and the surprise for me is that some people takes like a joke
blackbox
Contributor


@Meid wrote:
Blackboss the same as me, I wrote that, it attacks SSL. I posted this, as a information, and the surprise for me is that some people takes like a joke

BTW, Heartbleed isn't a virus. It's a bug in a particular  version of OpenSSL, or more accurately, the heartbeat service used as part of OpenSSL.

The buggy version of OpenSSL is on the SP, but the heartbeat service is not enabled, so you don't need to do anything.