{"id":54492,"date":"2014-04-14T17:19:49","date_gmt":"2014-04-14T09:19:49","guid":{"rendered":"http:\/\/techielobang.com\/blog\/?p=54492"},"modified":"2014-04-14T17:19:49","modified_gmt":"2014-04-14T09:19:49","slug":"your-mobile-apps-are-affected-by-heartbleed-bug-too","status":"publish","type":"post","link":"https:\/\/techielobang.com\/blog\/2014\/04\/14\/your-mobile-apps-are-affected-by-heartbleed-bug-too\/","title":{"rendered":"Your Mobile Apps are affected by Heartbleed Bug too"},"content":{"rendered":"<p>If you have not heard of <a href=\"http:\/\/techielobang.com\/blog\/tag\/heartbleed\" target=\"_blank\">Heartbleed<\/a> Bug as of now, you need to get the information ASAP. According to <a href=\"http:\/\/techielobang.com\/blog\/tag\/trend-micro\" target=\"_blank\">Trend Micro<\/a>, even mobile apps are affected by it. Read on for more information.<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"54467\" data-permalink=\"https:\/\/techielobang.com\/blog\/2014\/04\/10\/please-share-protect-yourself-from-the-heartbleed-bug\/heartbleed\/\" data-orig-file=\"https:\/\/i0.wp.com\/techielobang.com\/blog\/wp-content\/uploads\/2014\/04\/heartbleed.png?fit=341%2C413&amp;ssl=1\" data-orig-size=\"341,413\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;}\" data-image-title=\"heartbleed\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/techielobang.com\/blog\/wp-content\/uploads\/2014\/04\/heartbleed.png?fit=247%2C300&amp;ssl=1\" 
data-large-file=\"https:\/\/i0.wp.com\/techielobang.com\/blog\/wp-content\/uploads\/2014\/04\/heartbleed.png?fit=341%2C413&amp;ssl=1\" class=\"aligncenter size-full wp-image-54467\" alt=\"heartbleed\" src=\"https:\/\/i0.wp.com\/techielobang.com\/blog\/wp-content\/uploads\/2014\/04\/heartbleed.png?resize=341%2C413\" width=\"341\" height=\"413\" srcset=\"https:\/\/i0.wp.com\/techielobang.com\/blog\/wp-content\/uploads\/2014\/04\/heartbleed.png?w=341&amp;ssl=1 341w, https:\/\/i0.wp.com\/techielobang.com\/blog\/wp-content\/uploads\/2014\/04\/heartbleed.png?resize=247%2C300&amp;ssl=1 247w\" sizes=\"auto, (max-width: 341px) 100vw, 341px\" \/><\/p>\n<p><!--more--><\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Media Release<\/strong><\/span><\/p>\n<h2 style=\"text-align: center;\" align=\"center\">Heartbleed Bug\u2014Mobile Apps are Affected Too<\/h2>\n<p><b>14 April 2014 \u2013<\/b> The severity of the\u00a0<a href=\"http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/skipping-a-heartbeat-the-analysis-of-the-heartbleed-openssl-vulnerability\/\" target=\"_blank\">Heartbleed bug<\/a>\u00a0has left countless websites and servers scrambling to address the issue. And with good reason\u2014<a href=\"https:\/\/github.com\/musalbas\/heartbleed-masstest\" target=\"_blank\">a test conducted on GitHub<\/a>\u00a0showed that more than 600 of the top 10,000 sites (based on Alexa rankings) were vulnerable. At the time of the scanning, some of the affected sites included Yahoo, Flickr, OKCupid, Rolling Stone, and Ars Technica.<\/p>\n<p>All the extended coverage of the flaw begs the question, \u201cAre mobile devices affected by this?\u201d The short answer: yes.<\/p>\n<p>Mobile apps, like it or not, are just as vulnerable to the Heartbleed Bug as websites are because apps often connect to servers and web services to complete various functions. 
As our\u00a0<a href=\"http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/heartbleed-vulnerability-affects-5-of-top-1-million-websites\/\" target=\"_blank\">previous blog entry<\/a>\u00a0has shown, a sizable number of domains are affected by this vulnerability.<\/p>\n<p>Suppose you\u2019re just about to pay for an in-app purchase, and to do so you need to input your credit card details. You do so, and the mobile app finishes the transaction for you. While you\u2019re getting on with your game, your credit card data is stored in the server that the mobile app did the transaction with, and may stay there for an indeterminate period of time. As such, cybercriminals can take advantage of the Heartbleed bug to target that server and milk it of information (like your credit card number). It\u2019s as simple and easy as that.<\/p>\n<p>What about apps that don\u2019t offer in-app purchases? Are they safe from this vulnerability? Not really\u2014as long as an app connects to an online server, it\u2019s still vulnerable, even if your credit card isn\u2019t involved. For example, your app could ask you to \u2018like\u2019 it on a social network, or \u2018follow\u2019 it on yet another for free rewards.<\/p>\n<p>Suppose you decide to do so, and tap \u2018OK\u2019. Chances are your app will open the website on its own, through its own\u00a0<a href=\"http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/apps-as-browsers-can-you-trust-your-mobile-apps\/\" target=\"_blank\">in-app browser<\/a>, and have you log into the social network there. 
While we\u2019re not saying the social networks you go to are vulnerable to the Heartbleed bug, the possibility is there, and thus the risk is there as well.<\/p>\n<p>We looked deeper into the matter and inspected some web services used by popular mobile apps, and the results show that the vulnerability still exists.<\/p>\n<p>We scanned around 390,000 apps from Google Play, and found around 7,000 apps connected to vulnerable servers. Among them are 15 bank-related apps, 39 online payment-related apps, and 10 online shopping-related apps. We also found several popular apps that many users would use on a daily basis, like instant messaging apps, health care apps, keyboard input apps\u2013and most concerning, even mobile payment apps. These apps use sensitive personal and financial information\u2014data mines just ripe for the cybercriminal\u2019s picking.<\/p>\n<p>What can be done against the Heartbleed bug, then? Not a whole lot, we\u2019re afraid. We can tell you to change your password, but that\u2019s not going to help if the app developers\u2014and the web service providers as well\u2014don\u2019t fix the problem on their end. This means upgrading to the patched version of OpenSSL, or at least turning off the problematic heartbeat extension.<\/p>\n<p>Until then, what we can advise you to do is to lay off the in-app purchases or any financial transactions for a while (including banking activities), until your favourite app\u2019s developer releases a patch that does away with the vulnerability.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you have not heard of Heartbleed Bug as of now, you need to get the information ASAP. According to Trend Micro, even mobile apps are affected by it. 
Read on..<\/p>\n","protected":false},"author":1,"featured_media":54467,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1509,5,6,14],"tags":[2051,2344,12646,4357,8990,9271,12644,12651,9994,15929,559,12645,1804,2265,9807,1961,1021,4352,4118],"class_list":["post-54492","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-featured","category-mobile","category-pda","category-techie","tag-app","tag-bug","tag-encrypt","tag-featured-2","tag-hacker","tag-handphone","tag-hearbleed-bug","tag-heartbleed","tag-in-app","tag-mobile","tag-mobile-app","tag-openssl","tag-password","tag-phone","tag-secured","tag-security","tag-smartphone","tag-ssl","tag-trend-micro"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/techielobang.com\/blog\/wp-content\/uploads\/2014\/04\/heartbleed.png?fit=341%2C413&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p8YKZ-eaU","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/techielobang.com\/blog\/wp-json\/wp\/v2\/posts\/54492","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techielobang.com\/blog\/wp-j
son\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techielobang.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techielobang.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techielobang.com\/blog\/wp-json\/wp\/v2\/comments?post=54492"}],"version-history":[{"count":1,"href":"https:\/\/techielobang.com\/blog\/wp-json\/wp\/v2\/posts\/54492\/revisions"}],"predecessor-version":[{"id":54493,"href":"https:\/\/techielobang.com\/blog\/wp-json\/wp\/v2\/posts\/54492\/revisions\/54493"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techielobang.com\/blog\/wp-json\/wp\/v2\/media\/54467"}],"wp:attachment":[{"href":"https:\/\/techielobang.com\/blog\/wp-json\/wp\/v2\/media?parent=54492"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techielobang.com\/blog\/wp-json\/wp\/v2\/categories?post=54492"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techielobang.com\/blog\/wp-json\/wp\/v2\/tags?post=54492"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}