Millions of smartphones and tablets running Google Inc’s Android operating system have the Heartbleed software bug.
While Google said in a blog post on Wednesday last week that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1, which was released in 2012.
Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co, HTC Corp (宏達電) and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software. The company said that less than 10 percent of active devices are vulnerable.
Over 900 million Android devices have been activated worldwide.
The Heartbleed vulnerability was made public last week and can expose people to hacking of their passwords and other information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said.
Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.
“One of the major issues with Android is the update cycle is really long,” said Michael Shaulov, chief executive officer and co-founder of Lacoon Security Ltd, a cybersecurity company focused on advanced mobile threats.
“The device manufacturers and the carriers need to do something with the patch, and that’s usually a really long process,” he added.
Microsoft Corp said on Friday that the Windows and Windows Phone operating systems and most services are not impacted.
“A few services continue to be reviewed and updated with further protections,” Microsoft Trustworthy Computing director Tracey Pretorius wrote in an e-mailed statement.
Apple Inc did not respond to messages for comment.
The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites.
Still, there are no signs that hackers are trying to attack Android devices through the vulnerability, as it would be complicated to set up and the success rate would be low, said Marc Rogers, principal security researcher at the San Francisco-based Lookout Inc.
Individual devices are less attractive because they need to be targeted one-by-one, he said.
“Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don’t expect to see any attacks against devices until after the server attacks have been completely exhausted,” Rogers wrote in an e-mail.
Nvidia Corp chief executive officer Jensen Huang (黃仁勳) on Monday introduced the company’s latest supercomputer platform, featuring six new chips made by Taiwan Semiconductor Manufacturing Co (TSMC, 台積電), saying that it is now “in full production.” “If Vera Rubin is going to be in time for this year, it must be in production by now, and so, today I can tell you that Vera Rubin is in full production,” Huang said during his keynote speech at CES in Las Vegas. The rollout of six concurrent chips for Vera Rubin — the company’s next-generation artificial intelligence (AI) computing platform — marks a strategic
Enhanced tax credits that have helped reduce the cost of health insurance for the vast majority of US Affordable Care Act enrollees expired on Jan.1, cementing higher health costs for millions of Americans at the start of the new year. Democrats forced a 43-day US government shutdown over the issue. Moderate Republicans called for a solution to save their political aspirations this year. US President Donald Trump floated a way out, only to back off after conservative backlash. In the end, no one’s efforts were enough to save the subsidies before their expiration date. A US House of Representatives vote
REVENUE PERFORMANCE: Cloud and network products, and electronic components saw strong increases, while smart consumer electronics and computing products fell Hon Hai Precision Industry Co (鴻海精密) yesterday posted 26.51 percent quarterly growth in revenue for last quarter to NT$2.6 trillion (US$82.44 billion), the strongest on record for the period and above expectations, but the company forecast a slight revenue dip this quarter due to seasonal factors. On an annual basis, revenue last quarter grew 22.07 percent, the company said. Analysts on average estimated about NT$2.4 trillion increase. Hon Hai, which assembles servers for Nvidia Corp and iPhones for Apple Inc, is expanding its capacity in the US, adding artificial intelligence (AI) server production in Wisconsin and Texas, where it operates established campuses. This
US President Donald Trump on Friday blocked US photonics firm HieFo Corp’s US$3 million acquisition of assets in New Jersey-based aerospace and defense specialist Emcore Corp, citing national security and China-related concerns. In an order released by the White House, Trump said HieFo was “controlled by a citizen of the People’s Republic of China” and that its 2024 acquisition of Emcore’s businesses led the US president to believe that it might “take action that threatens to impair the national security of the United States.” The order did not name the person or detail Trump’s concerns. “The Transaction is hereby prohibited,”
RSS