Following his announcement heartbleed the online community has realized how vulnerable it is. Security-related issues have been confirmed as system administrators try to "patch" holes in security, in places that until recently were taken for granted. Meanwhile, it became known that not only websites but also millions of smartphones and tablets are affected.
Heartbleed is a critical bug (CVE-2014 – 0160) in the popular encryption application OpenSSL that allows attackers to read parts of μνήμηof the affected server, potentially exposing user data such as names, passwords, credit card numbers, and more.
While most websites report that they have fixed the problem, let's remind that there are around 40-60000000000 active Smartphone applications that can be shared by Heartbleed, as they use OpenSSL to connect to different servers.
Let's look at what's happening with the most popular mobile operating systems.
ANDROID
Google said in its blog, that Android is not vulnerable to the Heartbleed bug, except from a very specific version.
Android 4.1.1 Jelly Bean uses the vulnerable version of OpenSSL.
Google has not disclosed how many devices are vulnerable to the bug, but according to the company, it is estimated that about 34,4% of devices using Android are running Android 4.1.x.
Last September, Google announced that it had activated one billion devices. This means that the minimum number of affected devices is likely to reach millions.
Google has already released the patches for Android 4.1.1 but, as it is known, the update will be released by device manufacturers and mobile providers.
APPLE
Apple device users can sleep quietly. Devices running iOS and OS X are not affected by Heartbleed.
"Apple is taking security very seriously. "IOS and OS X do not use vulnerable software and basic services like web-based are not affected," Apple told Re / code.
Instead of using OpenSSL, Apple uses different libraries SSL / TLS που ονομάζει Secure Transport. Το Φεβρουάριο ανακαλύφθηκε ευπάθεια στο Secure Transport, που επέτρεπε επιθέσεις man-in-the-middle (MitM). Βέβαια το συγκεκριμένο security gap it was not as dangerous as the OpenSSL Heartbleed bug.
However, Apple users should be cautious as those who use BBM for personal messages on iOS may be vulnerable to vulnerability.
BLACKBERRY
Blackberry has confirmed that some of its products, such as Secure Work Space for iOS and Android, BlackBerry Link for Windows and Mac OS, and BBM for iOS and Android are vulnerable to Heartbleed. The number of affected users reaches 80 million (as many users use the BBM service).
The company has assured that BlackBerry Smartphones and tablets, BlackBerry Enterprise Server 5, and BlackBerry Enterprise Service 10 are not affected by the defect and are fully protected.