A new devastating bug in OpenSSL discovered on Monday and it severely compromises the integrity of secure communications and above all, the user can do much about it. To discovered this bug, a new app called “Heartbleed Detector” released for Android and by using this app you can easily check that your Android device is vulnerable or not to the Hearbleed bug in OpenSSL.
According to Google Play Store,
The Lookout Heartbleed Detector can be used to determine whether or not your Android device is vulnerable to the Heartbleed bug in OpenSSL. This app works by determining what version of OpenSSL your device is using. If your device is using one of the affected versions of OpenSSL, we then check to see if the specific vulnerable feature called Heartbeats is enabled.
For your information, Hearbleed is a software flaw in the OpenSSL “Heartbeat” function that helps keep secure connections alive. This function was found to be vulnerable to manipulation in a way that allows an attacker to steal up to 64K of data at a time from the active memory of affected systems. The bug, found by researchers from Codenomicon and Google, and filed with the following reference number – CVE-2014-0160, impacts any infrastructure that includes the affected versions of OpenSSL.
Heartbleed is a flaw in the “Hearbeats” function of OpenSSL & it helps to keep your secure connections alive and allows attackers to steal up to 64K of data at a time from the active memory of affected systems. This app is not meant to fix this vulnerability, this will need to be patched by Google or your device manufacturer and it is only meant to keep you informed about the status of your device.
