Millions of smartphones and tablets running Google Inc’s Android operating system have the Heartbleed software bug.
While Google said in a blog post on Wednesday last week that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1, which was released in 2012.
Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co, HTC Corp (宏達電) and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software. The company said that less than 10 percent of active devices are vulnerable.
Over 900 million Android devices have been activated worldwide.
The Heartbleed vulnerability was made public last week and can expose people to hacking of their passwords and other information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said.
Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.
“One of the major issues with Android is the update cycle is really long,” said Michael Shaulov, chief executive officer and co-founder of Lacoon Security Ltd, a cybersecurity company focused on advanced mobile threats.
“The device manufacturers and the carriers need to do something with the patch, and that’s usually a really long process,” he added.
Microsoft Corp said on Friday that the Windows and Windows Phone operating systems and most services are not impacted.
“A few services continue to be reviewed and updated with further protections,” Microsoft Trustworthy Computing director Tracey Pretorius wrote in an e-mailed statement.
Apple Inc did not respond to messages for comment.
The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites.
Still, there are no signs that hackers are trying to attack Android devices through the vulnerability, as it would be complicated to set up and the success rate would be low, said Marc Rogers, principal security researcher at the San Francisco-based Lookout Inc.
Individual devices are less attractive because they need to be targeted one-by-one, he said.
“Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don’t expect to see any attacks against devices until after the server attacks have been completely exhausted,” Rogers wrote in an e-mail.
The government yesterday approved applications by Alphabet Inc’s Google to invest NT$27.08 billion (US$859.98 million) in Taiwan, the Ministry of Economic Affairs said in a statement. The Department of Investment Review approved two investments proposed by Google, with much of the funds to be used for data processing and electronic information supply services, as well as inventory procurement businesses in the semiconductor field, the ministry said. It marks the second consecutive year that Google has applied to increase its investment in Taiwan. Google plans to infuse NT$25.34 billion into Charter Investments Ltd (特許投資顧問) through its Singapore-based subsidiary Fructan Holdings Singapore Pte Ltd, and
Micron Technology Inc is a driving force pushing the US Congress to pass legislation that would put new export restrictions on equipment its Chinese competitors use to make their chips, according to people familiar with the matter. A US House of Representatives panel yesterday was to vote on the “MATCH Act,” a bill designed to close gaps in restrictions on chipmaking equipment. It would also pressure foreign companies that sell equipment to Chinese chipmaking facilities to align with export curbs on US companies like Lam Research Corp and Applied Materials Inc. The bill targets facilities operated by China’s ChangXin Memory Technologies Inc
Singapore-based ride-hailing and delivery giant Grab Holdings’ planned acquisition of Foodpanda’s Taiwan operations has yet to enter the formal review stage, as regulators await supplementary documents, the Fair Trade Commission (FTC) said yesterday. Acting FTC Chairman Chen Chih-min (陳志民) told the legislature’s Economics Committee that although Grab submitted its application on March 27, the case has not been officially accepted because required materials remain incomplete. Once the filing is finalized, the FTC would launch a formal probe into the deal, focusing on issues such as cross-shareholding and potential restrictions on market competition, Chen told lawmakers. Grab last month announced that it would acquire
SECOND-RATE: Models distilled from US products do not perform the same as the original and undo measures that ensure the systems are neutral, the US’ cable said The US Department of State has ordered a global push to bring attention to what it said are widespread efforts by Chinese companies, including artificial intelligence (AI) start-up DeepSeek (深度求索), to steal intellectual property from US AI labs, according to a diplomatic cable. The cable, dated Friday and sent to diplomatic and consular posts around the world, instructs diplomatic staff to speak to their foreign counterparts about “concerns over adversaries’ extraction and distillation of US AI models.” Distillation is the process of training smaller AI models using output from larger, more expensive ones to lower the costs of training a powerful new
RSS