The Edmond Sun

Business

April 11, 2014

Millions of Android phones, tablets vulnerable to Heartbleed bug

SAN FRANCISCO — Millions of smartphones and tablets running Google's Android operating system have the Heartbleed software bug, in a sign of how broadly the flaw extends beyond the Web and into consumer devices.

While Google said in a blog post on April 9 that all versions of Android are immune to the flaw, it added that the "limited exception" was one version dubbed 4.1.1, which was released in 2012.

Security researchers said that version of Android is still in use in millions of smartphones and tablets, including in popular models made by Samsung, HTC and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software and the company has said more than 900 million Android devices have been activated worldwide.

The Heartbleed vulnerability was made public earlier this week and can expose people to hacking of their passwords and other sensitive information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said. Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.

"One of the major issues with Android is the update cycle is really long," said Michael Shaulov, chief executive officer and co-founder of Lacoon Security, a cyber-security company focused on advanced mobile threats. "The device manufacturers and the carriers need to do something with the patch, and that's usually a really long process."

Christopher Katsaros, a spokesman for Mountain View, Calif.-based Google, confirmed there are millions of Android 4.1.1 devices. He pointed to an earlier statement by the company, in which it said it has "assessed the SSL vulnerability and applied patches to key Google services."

It's unclear whether other mobile devices are vulnerable. Apple Inc. and Microsoft Corp. didn't respond to messages for comment.

The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites. The bug, which lets hackers silently extract data from computers' memory, and a fix for it were announced simultaneously on April 7.

The reach of the vulnerability continues to widen as Cisco Systems Inc. and Juniper Networks Inc. said yesterday that some of their networking-gear products are affected and will be patched. The Canadian government has ordered websites operated by the federal government that use the vulnerable version of OpenSSL to be taken offline until they can be fixed.

The vast majority of large companies protected their systems immediately and the push is now on to make smaller companies do the same, said Robert Hansen, a specialist in Web application security and vice president of the advanced technologies group of WhiteHat Security Inc.

Hackers have been detected scanning the Internet looking for vulnerable servers, especially in traffic coming from China, though it's difficult to know how many have been successful, said Jaime Blasco, director of AlienVault Labs, part of AlienVault. Many attempts have hit dead ends, Blasco said.

More than 80 percent of people running Android 4.1.1 who have shared data with mobile security firm Lookout Inc. are affected, said Marc Rogers, principal security researcher at the San Francisco-based company. Users in Germany are nearly five times as likely as those in the U.S. to be affected, probably because there is a device that uses that version of Android that is popular there, Rogers wrote in an email.

Still, there are no signs that hackers are trying to attack Android devices through the vulnerability as it would be complicated to set up and the success rate would be low, Rogers said. Individual devices are less attractive to go after because they need to be targeted one by one, he said.

 "Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don't expect to see any attacks against devices until after the server attacks have been completely exhausted," Rogers wrote in an email.

 

1
Text Only
Business
  • Lankford, James 2011.jpg Lankford, rest of Oklahoma delegation vote to sue president

    A Democratic leader said the House does not have standing to sue the president after members of Oklahoma’s congressional delegation voted to do just that.
    At 6:28 p.m. Wednesday, members of the House approved by a 225-201 partisan margin H. Res. 676, which gives House leadership the authority to file a lawsuit challenging actions by President Barack Obam

    July 31, 2014 1 Photo

  • MS_prisons 1.JPG DOC action could save $36.8 million annually

    The Oklahoma Department of Corrections expects to avert more than 2,100 offenders by 2021 saving more than $36.8 million annually, an audit states.
    Tuesday, State Auditor and Inspector Gary Jones  released the results of a performance audit of the DOC that was requested by Gov. Mary Fallin. The audit for the period July 1, 2007 through June 30, 2013, distinctly focused on governance, financial management and capacity management.
    Audit recommendations included:

    July 30, 2014 2 Photos

  • food bank.jpg Regional Food Bank receives donation

    At a special celebration event Wednesday, Walmart and the Walmart Foundation announced that over the last fiscal year they gave more than $30 million in cash and in-kind contributions to charitable organizations throughout Oklahoma. Additionally, the retailer and its Foundation have partnered with local food banks to provide more than 15 million pounds of food to residents.

    July 30, 2014 1 Photo

  • City spends $1.7 million on ITS

    Public safety will benefit by the Intelligent Transportation System with its implementation by the City of Edmond, said Steve Commons, assistant city manager.
    More vehicles are added to traffic volume as Edmond’s population grows. ITS connects all of the city’s traffic signals in order to improve traffic flow in present time with greater efficiency, Commons said Wednesday.
    “Some of that can be done through computer automation that tracks how traffic is changing,” Commons said.

    July 30, 2014

  • Downtown Master Plan accepted by council

    The 2014 Downtown Master Plan Study was accepted by a 3-0 vote Tuesday evening by the Edmond City Council.
    Fort Worth-based consulting group Freese and Nichols presented their final update to the 1998 Downtown Master Plan. The city hired the group at a cost of $300,000 to make recommendations for future development of Broadway in the central business district.
    “There are clearly some short-term (parking) options that we feel should move forward,” said Cody Richardson, of Freese and Nichols consultants of Fort Worth. “Better signage at existing parking lots.”

    July 29, 2014

  • Lambrecht Construction to build office

    The commercial site plan of a physician’s office was approved recently by the Edmond Planning Commission by a vote of 4-0.
    Lambrecht Construction plans to build the office at 3917  E. Covell Road in the Fairfax Business Office, north of Covell and west of Sooner Road, said Bob Schiermeyer, city planner.

    July 29, 2014

  • jc_ITS map.jpg City to improve traffic flow

    The Edmond City Council this week approved a services agreement with Electronic Technology, Inc. For the  installation of Intelligent Transportation Systems’ video wall system at a cost of $314,620. The vote was 3-0.
    ITS is a fiber optic, wireless or hybrid communication system of monitoring road events and equipment in the field, data archiving and predicting traffic volume, said Kent Kacir, an engineer with Kimley-Horn and Associates Inc.

    July 29, 2014 1 Photo

  • sales tax holiday.jpg Oklahoma sales tax takes a holiday

    Beginning at 12:01 a.m. on Friday, Aug. 1 and ending at midnight Aug. 3, Oklahomans will be able to participate in a sales tax holiday giving shoppers the opportunity to purchase certain clothing and shoes free of sales tax.
    Yes, retailers may not charge tax, including state and local sales taxes on items that are tax-exempt during the sales tax holiday weekend. The sales of clothing and shoes priced at less than $100 are exempted from sales taxes.

    July 28, 2014 1 Photo

  • Karan & Rwanda.jpg Peace through Business empowering women entrepreneurs

    Peace Through Business is part of the Institute for Economic Empowerment of Women (IEEW) based in Oklahoma City. It is a program that connects small business entrepreneurs in Afghanistan and Rwanda with business owners in Oklahoma. One such entrepreneur found out about the program from a friend, applied, and was accepted to take part in this year’s session.
    Upon earning a master’s degree in Civil Engineering from the Universite de Sciences et Technique de Lille in Belgium, Lyliose Nduhungirehe began her career working for a construction company in Brussels, but she quickly switched paths to Information Technology.

    July 28, 2014 1 Photo

  • Anderson Properties continues to grow

    Berkshire Hathaway HomeServices Anderson Properties recently announced the acquisition of Tulsa-based Prudential Alliance Realty, an eight-office, 150-agent brokerage operating in Tulsa and Oklahoma City and Edmond.
    The transaction gives Anderson Properties, a full-service real estate agency a total of 38 offices and more than 600 agents.

    July 28, 2014

Stocks