Heartbleed vulnerability could also be used to hack into Android devices, how to check if your phone is affected.
We have previously written about the great OpenSSL flaw called Heartbleed. Vulnerability evokes continually headaches with many server administrators around the Web, but security researchers have also pointed out that the bug can be exploited to hack Android devices.
The major browsers do not use the OpenSSL library to implement HTTPS and is therefore not affected by Heartbleed, the same cannot be said for the Android OS.
According to Ars Technica can be compromised by an Android phone to entice a user into a page which contains some code that opens one’s banking website or other website with sensitive information in another tab. by injecting malicious traffic in a loss, the attacker might be able to pull information out, about the pages in memory that is loaded in the other tabs.
A second and less sophisticated method-but also significantly easier to execute-are simply to bombard a vulnerable android browser with malicious commands and fish for content in memory that contains sensitive information.
With so many different and tweakede Android versions, it is difficult to give a definitive list of which versions are affected by this vulnerability, but the company Heartbleed has created an application that Lookout Mobile can tell whether your unit is affected.
The app can be downloaded here and can tell if your phone contains a vulnerable version of OpenSSL, and will also provide information on the snippet of code (an extension to handle so-called heartbeats in OpenSSL) which is hosting the vulnerability is enabled.
If you do not have the vulnerable version of OpenSSL or (like me) If you have, but do not have the heartbeat extension enabled so you had to be on the safe side. Otherwise, it’s a good idea to tread warily until there comes a patch for the operating system.