Millions of Android devices vulnerable to ‘Heartbleed’ Bug

“Millions of smartphones and tablets running Google Inc.’s Android operating system have the Heartbleed software bug, in a sign of how broadly the flaw extends beyond the Internet and into consumer devices,” Jordan Robertson reports for Bloomberg News. “While Google said in a blog post on April 9 that all versions of Android are immune to the flaw, it added that the ‘limited exception’ was one version dubbed 4.1.1, which was released in 2012.”

“Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co., HTC Corp. and other manufacturers,” Robertson reports. “Google statistics show that 34 percent of Android devices use variations of the 4.1 software. The company said less than 10 percent of active devices are vulnerable. More than 900 million Android devices have been activated worldwide.”

Robertson reports, “‘One of the major issues with Android is the update cycle is really long,’ said Michael Shaulov, chief executive officer and co-founder of Lacoon Security Ltd., a cyber-security company focused on advanced mobile threats. ‘The device manufacturers and the carriers need to do something with the patch, and that’s usually a really long process.’ Christopher Katsaros, a spokesman for Mountain View, California-based Google, confirmed there are millions of Android 4.1.1 devices.”


14 Comments

  1. 900 million devices activated is some serious market share. Takes you back to how the larger you are the bigger target you present to the sick people who try to create havoc.

    1. Let us not forget that the 900 million Android phones does NOT equal 900 smartphone users. Majority of these devices are grossly underpowered devices that can barely function even with the built-in apps. Many of the owners there only use them as phones (for talking, texting and occasional e-mailing).

    1. The security community has only barely begun to scratch the surface of security of ‘The Internet of Things’. Every report I’ve seen so far indicates zero security, maximum infection and PWNage amidst The Internet of Things. They’ve been implicated in vast botnets.

  2. As I’ve traveled back through time, I’ve seen this over and over …so many times, I’ve seen this. There’s always a group of tiny people climbing the legs of the one among them who has stature, who has creative intelligence and integrity ..in order to make gains they otherwise could not have made. History records Google and shamwow to be among the tiny of this time period. They got pretty high and they had their day ..but eventually, they did fall off and many there were that made attempts to scrape their names from the walls of the temple.

  3. As much as I don’t care for Android, the author has spun the facts to fit their position. 900 million units have shipped (how many sold, and how many returned)? 10% affected, by whose estimates? The author’s? The version affected is 4.1.1, but the author then throws in all variants of 4.1 as affected. 4.1.1 is very specific but 4.1 is over a year of development lifetime. I suspect it is more likely that many of the 4.1 devices are not running 4.1.1, but then again, I didn’t research it. I just find it fishy that the author chose to be so specific in one reference and then so vague after that. I’m just glad my Macs and iOS powered devices are safe.
