x PhoneArena is hiring! Reviewer in the USA
  • Options

OpenSSL “Heartbleed” vulnerability highly likely to impact smartphone users

0. phoneArena posted on 11 Apr 2014, 19:20

If you spend any amount of time on the internet, you have very likely heard about a flaw in the OpenSSL...

This is a discussion for a news. To read the whole news, click here

posted on 11 Apr 2014, 19:30

1. Johnnokia (Posts: 1144; Member since: 27 May 2012)

Except for BlackBerry that scores Zero vulnerability

posted on 11 Apr 2014, 19:42 12

2. Maxwell.R (Posts: 218; Member since: 20 Sep 2012)

If you re-read the article, you will understand this is a transport layer vulnerability, not an OS issue. If you use a service that has not updated its certificates, you could be using a BlackBerry, a blackphone, or cans-on-a-string, the problem is still there.

posted on 11 Apr 2014, 19:55 2

3. Johnnokia (Posts: 1144; Member since: 27 May 2012)

This is what BlackBerry addressed:

''BlackBerry is currently investigating the customer impact of the recently announced OpenSSL vulnerability. BlackBerry customers can rest assured that while BlackBerry continues to investigate, we have determined that BlackBerry smartphones, BlackBerry Enterprise Server 5 and BlackBerry Enterprise Service 10 are not affected and are fully protected from the OpenSSL issue''

Non-Affected Software

BlackBerry Enterprise Service 10
BlackBerry Enterprise Server 5
BlackBerry Universal Device Server
BlackBerry® 10 OS
BlackBerry® 7.1 OS and earlier
BBM for BlackBerry smartphones

So, BlackBerry smartphones are NOT affected by this issue.

posted on 11 Apr 2014, 20:46 5

6. Maxwell.R (Posts: 218; Member since: 20 Sep 2012)

Completely not related to where the Heartbleed vulnerability resided. If an app you are using on a BB is establishing secure sessions with a server that has not been patched, the data is at risk. It is not an OS or BES issue.

posted on 11 Apr 2014, 20:02 2

4. GadgetsMcGoo (Posts: 168; Member since: 15 Mar 2013)

It's those software that is using the "OpenSSL" implemention of the SSL standard that has been affected. If you are using another implementation, then you are not likely to be affected.

posted on 12 Apr 2014, 06:27 2

11. lllIIIlllIIl (banned) (Posts: 48; Member since: 11 Apr 2014)

Wrong. Apple and its iOS platform are not vulnerable. The only things that are vulnerable are emails and passwords. This article is poorly written compared to the others I have seen.

posted on 11 Apr 2014, 20:30

5. taz89 (Posts: 2014; Member since: 03 May 2011)

Didn't Google say that "only" Android 4.1.1 is effected and the rest are not? Let's hope no one knew about this effed up security hole and everyone updates it's tls and certification ASAP.

posted on 11 Apr 2014, 20:56

7. sprockkets (Posts: 1611; Member since: 16 Jan 2012)

FYI I checked the changelogs of CM for my Nexus 7 2013. On apr 6, they patched the SSL library.

However, as far I can tell, the vulnerability is server side where it can read the keys in memory. Not sure if doing it on the device will mean anything, but there it is.

posted on 12 Apr 2014, 11:09

12. Droid_X_Doug (Posts: 5993; Member since: 22 Dec 2010)

If the vulnerability is server-side, how does the client (end user device) become vulnerable in and of itself? As I understand it, the hole occurs each time a session is created with a compromised server, which is why companies like Yahoo, USAA, etc. are scrambling to patch their servers to close the vulnerability.

posted on 11 Apr 2014, 20:56 1

8. N-fanboy (Posts: 543; Member since: 12 Jan 2013)

Thank God there is no mobile/online banking in place here in Ethiopia.

posted on 11 Apr 2014, 23:47

10. Neutral (Posts: 30; Member since: 19 Oct 2013)

There actually are homeboy.
Zemen Bank, Commercial Bank, etc. They advertise it too.

posted on 11 Apr 2014, 21:33

9. jroc74 (Posts: 6019; Member since: 30 Dec 2010)

And I do ALOT of online transactions...damn....

posted on 12 Apr 2014, 12:28

13. Arte-8800 (banned) (Posts: 4562; Member since: 13 Mar 2014)

use avast or premium paid version

posted on 13 Apr 2014, 07:50

14. Mohammad_Abu-Shukur (Posts: 25; Member since: 08 Nov 2013)

who said that apps were secure before heartbleed!!
everybody should know that everything in this tech world is observed by away or anther
thats what i see...
wt do u think?

Want to comment? Please login or register.

Latest stories