contador Saltar al contenido

Heartbleed: Android hit directly

Compromised apps through a bundled OpenSSL library, 6,000 apps still infected Mobile apps were directly affected by the Heartbleed vulnerability, Trend Micro released a study and warned that until a few days ago apps were believed to be affected only through connection to infected servers, but not so (…)

Apps compromised through a bundled OpenSSL library, 6,000 apps still infected

The mobile apps were directly affected by the Heartbleed vulnerability, Trend Micro carried out a study and warned that until a few days ago it was believed that the apps could only be affected by connecting to the infected servers, but not so. Today, the Trend Micro laboratories reveal that the Android version 4.1.1 was instead directly affected. For devices that use this operating system, all the apps installed with OpenSSL, which is used to establish SSL / TLS connections, are possibly infected and can be compromised to obtain sensitive information of the owners within the device.

In any case, even if the device does not use the compromised operating system, the problem of the app remains. In Google Play there are 273 apps connected to the affected OpenSSL library, which means that those apps can be compromised in any device. And vulnerabilities have also been found in older versions of the Google apps.

To date, Trend Micro laboratories have found over 7,000 apps connected to servers affected by Heartbleed. 6,000 apps are still infected.

Trend Micro has warned Google and also created the Trend Micro OpenSSL Heartbleed Scanner for Chrome, to see which URLs can be compromised.