Millions of smartphones and tablets running Google Inc’s Android operating system have the Heartbleed software bug.
While Google said in a blog post on Wednesday last week that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1, which was released in 2012.
Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co, HTC Corp (宏達電) and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software. The company said that less than 10 percent of active devices are vulnerable.
Over 900 million Android devices have been activated worldwide.
The Heartbleed vulnerability was made public last week and can expose people to hacking of their passwords and other information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said.
Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.
“One of the major issues with Android is the update cycle is really long,” said Michael Shaulov, chief executive officer and co-founder of Lacoon Security Ltd, a cybersecurity company focused on advanced mobile threats.
“The device manufacturers and the carriers need to do something with the patch, and that’s usually a really long process,” he added.
Microsoft Corp said on Friday that the Windows and Windows Phone operating systems and most services are not impacted.
“A few services continue to be reviewed and updated with further protections,” Microsoft Trustworthy Computing director Tracey Pretorius wrote in an e-mailed statement.
Apple Inc did not respond to messages for comment.
The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites.
Still, there are no signs that hackers are trying to attack Android devices through the vulnerability, as it would be complicated to set up and the success rate would be low, said Marc Rogers, principal security researcher at the San Francisco-based Lookout Inc.
Individual devices are less attractive because they need to be targeted one-by-one, he said.
“Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don’t expect to see any attacks against devices until after the server attacks have been completely exhausted,” Rogers wrote in an e-mail.
Semiconductor business between Taiwan and the US is a “win-win” model for both sides given the high level of complementarity, the government said yesterday responding to tariff threats from US President Donald Trump. Home to the world’s largest contract chipmaker, Taiwan Semiconductor Manufacturing Co (TSMC, 台積電), Taiwan is a key link in the global technology supply chain for companies such as Apple Inc and Nvidia Corp. Trump said on Monday he plans to impose tariffs on imported chips, pharmaceuticals and steel in an effort to get the producers to make them in the US. “Taiwan and the US semiconductor and other technology industries
The US Federal Reserve is expected to announce a pause in rate cuts on Wednesday, as policymakers look to continue tackling inflation under close and vocal scrutiny from US President Donald Trump. The Fed cut its key lending rate by a full percentage point in the final four months of last year and indicated it would move more cautiously going forward amid an uptick in inflation away from its long-term target of 2 percent. “I think they will do nothing, and I think they should do nothing,” Federal Reserve Bank of St Louis former president Jim Bullard said. “I think the
SMALL AND EFFICIENT: The Chinese AI app’s initial success has spurred worries in the US that its tech giants’ massive AI spending needs re-evaluation, a market strategist said Chinese artificial intelligence (AI) start-up DeepSeek’s (深度求索) eponymous AI assistant rocketed to the top of Apple Inc’s iPhone download charts, stirring doubts in Silicon Valley about the strength of the US’ technological dominance. The app’s underlying AI model is widely seen as competitive with OpenAI and Meta Platforms Inc’s latest. Its claim that it cost much less to train and develop triggered share moves across Asia’s supply chain. Chinese tech firms linked to DeepSeek, such as Iflytek Co (科大訊飛), surged yesterday, while chipmaking tool makers like Advantest Corp slumped on the potential threat to demand for Nvidia Corp’s AI accelerators. US stock
Cryptocurrencies gave a lukewarm reception to US President Donald Trump’s first policy moves on digital assets, notching small gains after he commissioned a report on regulation and a crypto reserve. Bitcoin has been broadly steady since Trump took office on Monday and was trading at about US$105,000 yesterday as some of the euphoria around a hoped-for revolution in cryptocurrency regulation ebbed. Smaller cryptocurrency ether has likewise had a fairly steady week, although was up 5 percent in the Asia day to US$3,420. Bitcoin had been one of the most spectacular “Trump trades” in financial markets, gaining 50 percent to break above US$100,000 and
RSS