Heart bleed bug update: Smartphones running on Android Jelly Bean 4.1.1 affected

Millions of customers still use Android version 4.1.1


According to Google, all Android versions are immune to the Heartbleed bug-- except for Jelly Bean 4.1.1.

Google calls the Jelly Bean vulnerability a "limited exception" on its blog, with less than 10% of active devices using Android version 4.1.1. But with over 900 million Android devices activated worldwide, this means tens of millions of users are affected by the OpenSSL flaw.

Jelly Bean, the most popular version of Android, was originally released in July 2012. There were several versions released through October 2013, extending from 4.1 to 4.3.1. Only version 4.1.1 is vulnerable to Heartbleed, and "patching information" is being distributed to wireless carriers and phone manufacturers. Android software update responsibilities are passed to these Android partners, slowing down the process.

To see which Android version your phone is using, go to "Settings," then select "About phone." Mobile protection app Lookout also allows users to see if their Android version is vulnerable.

Nicknamed "Heartbleed," the "bug" is actually a weakness in OpenSSL's cryptographic software that makes SSL/TLS encryption backfire on computer users. The "https" protocol that is supposed to identify a secure website is actually a signal to hackers that the site is vulnerable to cyber attack. The hackers can then trick a computer's server into sending data stored in its memory.

Google security researcher Neel Mehta was the first to discover Heartbleed, and the weakness was confirmed by internet security firm Codenomicon. Alarmingly, researchers found that the Heartbleed flaw has been in OpenSSL for two years. It is unknown if attacks have been carried out, because exploiting the software loophole leaves no trace.

To end Heartbleed's hold on the server, vendors and service providers must adopt the Fixed OpenSSL software, which was released Monday.

"Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users," Codenomicon instructs. "Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

More News in Life
  • bizarre-mars-photos-taken-by-nasa-rover

    NASA rover appears to show photos of spaceship, pyramid, even mermaid on Mars

    Eagle-eyed conspiracy theorists did some research of their own, zoomed into to photos of rocks on Mars' surface sent by the NASA spacecraft and found intriguing images of what appears to be a spaceship, a mouse, an iguana, a pyramid, a woman and even a mermaid.

  • anger

    10 Bible verses about anger

    Anger is often considered an 'unholy' emotion, and one that Christians should avoid. Of course, we need to keep it in check, but righteous anger is repeatedly referenced throughout scripture. Here are 10 verses to show what the Bible has to say about it.