aNewDomain.net — There’s a lot of concern out there about the Heartbleed bug. Changing your passwords and making sure your site and others you use aren’t affected is a great first defense. I showed you How To do that here. But you also need to protect your mobile devices. Here’s How To use Heartbleed detectors and similar utilities for Android, Windows Phone and Apple iOS.
Heartbleed Detector for Android
Most Android devices aren’t affected by the Heartbleed OpenSSL bug — devices running Android 4.1.1 are the exception. In Google’s announcement about patching its services, execs included the following about Android:
All versions of Android are immune to CVE-2014-0160 (with the limited exception of Android 4.1.1; patching information for Android 4.1.1 is being distributed to Android partners.”
One of the more-popular security utilities for Android is provided from the company Lookout. And last week that security company released an app called Heartbleed Detector. You can download it here.
It works by verifying whether your Android device is vulnerable to Heartbleed by determining the version of OpenSSL the device is using. Here are the results you want. You can see that the version of OpenSSL on this Nexus tablet is affected by the Heartbleed bug, but the vulnerable behavior is not enabled – everything is OK.
A note on a couple of things Lookout’s Heartbleed Detector is not. It’s not a fix for the bug. The fix will need to come from Google or the smartphone or tablet’s manufacturer. It’s only meant to keep you informed about the status of your device. Also, it will not tell you if any of your apps are vulnerable. It only lets you know if there’s issues with Android itself.
What If My Android Device Is Affected?
If your device is vulnerable, you’ll want to check for system updates.
It’s up to the infrastructure teams behind the products and services to update their systems. The good news is that Google has already sent a patch to its Android partners. The bad news is you’ll need to wait for the manufacturers to implement it, and of course, the carriers need to test it and push it out — which can take several weeks.
To check for system updates, go to Settings > About > System Update.
iPhone & iPad
Apparently Apple’s iOS and OS X are unaffected by Heartbleed, a spokesman for Apple told Re/code.
Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected.”
Still, it would be prudent to check websites you visit on your iPhone or iPad with LastPass Heartbleed Checker, or any of the other services covered in this article.
Windows Phone 8
Microsoft services and devices are largely unaffected by the Heartbleed bug as the company uses a different type of encryption. But you’ll want to know if the sites you’re visiting are affected. In my article about protecting yourself from Heartbleed while online, I recommended some sites that you can use to check if a site is vulnerable or not.
Windows Phone now has an app that will do the same thing. You can download the Heartbleed app for Windows. It’s basic — just type in the site you want to check and hit Test. It also has an information section on what the Heartbleed bug is. It’s nice to have an app like this that’s simple and easy-to-use while on the go.
Download the Heartbleed test for Windows Phone here.
For aNewDomain.net, I’m Brian Burgess.
Based in Pelican Rapids, MN, Brian Burgess led the relaunch of BYTE with Gina Smith, co-founded aNewDomain.net with Gina, John C. Dvorak and Jerry Pournelle in 2011, and serves as the editor-in-chief of GroovyPost.com. He is the How To gallery captain here at aNewDomain.net. Email him at Brian@aNewDomain.net or Brian@Groovypost.com and find him on Google + and on Twitter as @mysticgeek.
[…] Mobile phone applications (UPDATE: See apps for detecting vulnerability on mobile devices here) […]