OpenSSL “Heartbleed” vulnerability highly likely to impact smartphone users
0. phoneArena 11 Apr 2014, 19:20 posted on
If you spend any amount of time on the internet, you have very likely heard about a flaw in the OpenSSL...
This is a discussion for a news. To read the whole news, click here
1. Johnnokia (Posts: 464; Member since: 27 May 2012)
Except for BlackBerry that scores Zero vulnerability
2. Maxwell.R (Posts: 158; Member since: 20 Sep 2012)
If you re-read the article, you will understand this is a transport layer vulnerability, not an OS issue. If you use a service that has not updated its certificates, you could be using a BlackBerry, a blackphone, or cans-on-a-string, the problem is still there.
3. Johnnokia (Posts: 464; Member since: 27 May 2012)
This is what BlackBerry addressed:
''BlackBerry is currently investigating the customer impact of the recently announced OpenSSL vulnerability. BlackBerry customers can rest assured that while BlackBerry continues to investigate, we have determined that BlackBerry smartphones, BlackBerry Enterprise Server 5 and BlackBerry Enterprise Service 10 are not affected and are fully protected from the OpenSSL issue''
BlackBerry Enterprise Service 10
BlackBerry Enterprise Server 5
BlackBerry Universal Device Server
BlackBerry® 10 OS
BlackBerry® 7.1 OS and earlier
BBM for BlackBerry smartphones
So, BlackBerry smartphones are NOT affected by this issue.
6. Maxwell.R (Posts: 158; Member since: 20 Sep 2012)
Completely not related to where the Heartbleed vulnerability resided. If an app you are using on a BB is establishing secure sessions with a server that has not been patched, the data is at risk. It is not an OS or BES issue.
4. GadgetsMcGoo (Posts: 163; Member since: 15 Mar 2013)
It's those software that is using the "OpenSSL" implemention of the SSL standard that has been affected. If you are using another implementation, then you are not likely to be affected.
11. lllIIIlllIIl (banned) (Posts: 48; Member since: 11 Apr 2014)
Wrong. Apple and its iOS platform are not vulnerable. The only things that are vulnerable are emails and passwords. This article is poorly written compared to the others I have seen.
5. taz89 (Posts: 2009; Member since: 03 May 2011)
Didn't Google say that "only" Android 4.1.1 is effected and the rest are not? Let's hope no one knew about this effed up security hole and everyone updates it's tls and certification ASAP.
7. sprockkets (Posts: 1079; Member since: 16 Jan 2012)
FYI I checked the changelogs of CM for my Nexus 7 2013. On apr 6, they patched the SSL library.
However, as far I can tell, the vulnerability is server side where it can read the keys in memory. Not sure if doing it on the device will mean anything, but there it is.
12. Droid_X_Doug (Posts: 5534; Member since: 22 Dec 2010)
If the vulnerability is server-side, how does the client (end user device) become vulnerable in and of itself? As I understand it, the hole occurs each time a session is created with a compromised server, which is why companies like Yahoo, USAA, etc. are scrambling to patch their servers to close the vulnerability.
8. N-fanboy (Posts: 528; Member since: 12 Jan 2013)
Thank God there is no mobile/online banking in place here in Ethiopia.
10. Neutral (Posts: 30; Member since: 19 Oct 2013)
There actually are homeboy.
Zemen Bank, Commercial Bank, etc. They advertise it too.
9. jroc74 (Posts: 4720; Member since: 30 Dec 2010)
And I do ALOT of online transactions...damn....
14. Mohammad_Abu-Shukur (Posts: 20; Member since: 08 Nov 2013)
who said that apps were secure before heartbleed!!
everybody should know that everything in this tech world is observed by away or anther
thats what i see...
wt do u think?