Millions of smartphones and tablets running Google Inc’s Android operating system have the Heartbleed software bug.
While Google said in a blog post on Wednesday last week that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1, which was released in 2012.
Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co, HTC Corp (宏達電) and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software. The company said that less than 10 percent of active devices are vulnerable.
Over 900 million Android devices have been activated worldwide.
The Heartbleed vulnerability was made public last week and can expose people to hacking of their passwords and other information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said.
Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.
“One of the major issues with Android is the update cycle is really long,” said Michael Shaulov, chief executive officer and co-founder of Lacoon Security Ltd, a cybersecurity company focused on advanced mobile threats.
“The device manufacturers and the carriers need to do something with the patch, and that’s usually a really long process,” he added.
Microsoft Corp said on Friday that the Windows and Windows Phone operating systems and most services are not impacted.
“A few services continue to be reviewed and updated with further protections,” Microsoft Trustworthy Computing director Tracey Pretorius wrote in an e-mailed statement.
Apple Inc did not respond to messages for comment.
The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites.
Still, there are no signs that hackers are trying to attack Android devices through the vulnerability, as it would be complicated to set up and the success rate would be low, said Marc Rogers, principal security researcher at the San Francisco-based Lookout Inc.
Individual devices are less attractive because they need to be targeted one-by-one, he said.
“Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don’t expect to see any attacks against devices until after the server attacks have been completely exhausted,” Rogers wrote in an e-mail.
HORMUZ ISSUE: The US president said he expected crude prices to drop at the end of the war, which he called a ‘minor excursion’ that could continue ‘for a little while’ The United Arab Emirates (UAE) and Kuwait started reducing oil production, as the near-closure of the crucial Strait of Hormuz ripples through energy markets and affects global supply. Abu Dhabi National Oil Co (ADNOC) is “managing offshore production levels to address storage requirements,” the company said in a statement, without giving details. Kuwait Petroleum Corp said it was lowering production at its oil fields and refineries after “Iranian threats against safe passage of ships through the Strait of Hormuz.” The war in the Middle East has all but closed Hormuz, the narrow waterway linking the Persian Gulf to the open seas,
Apple Inc increased iPhone production in India by about 53 percent last year and now makes a quarter of its marquee devices there, reflecting the US company’s efforts to avoid tariffs on China. The company assembled about 55 million iPhones in India last year, up from 36 million a year earlier, people familiar with the matter said, asking not to be named because the numbers aren’t public. Apple makes about 220 million to 230 million iPhones a year globally, with India’s share of the total increasing rapidly. Apple has accelerated its expansion in the world’s most populous country in recent years, bolstered
HEADWINDS: The company said it expects its computer business, as well as consumer electronics and communications segments to see revenue declines due to seasonality Pegatron Corp (和碩) yesterday said it aims to grow its artificial intelligence (AI) server revenue more than 10-fold this year from last year, driven by orders from neocloud solutions clients and large cloud service providers. The electronics manufacturing service provider said AI server revenue growth would be driven primarily by the Nvidia Corp GB300 server platform. Server shipments are expected to increase each quarter this year, with the second half likely to outperform the first half, it said. The AI server market is expected to broaden this year as more inference applications emerge, which would drive demand for system-on-chip, application-specific integrated circuits
PROJECTION: TSMC said it expects strong growth this year, with revenue in US dollars projected to grow by about 30 percent, outperforming the industry Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) yesterday reported consolidated sales last month reached NT$317.66 billion (US$9.98 billion), the highest ever for the month of February, driven by robust demand for chips built using the company’s advanced 3-nanometer (3nm) process. Last month’s figure was up 22.2 percent from a year earlier, but fell 20.8 percent from January, the world’s largest contract chipmaker said in a statement. For the first two months of the year, TSMC posted cumulative sales of NT$718.91 billion, up 29.9 percent from a year earlier. Analysts attributed the growth to sustained global demand for artificial intelligence (AI) products
RSS