Millions of smartphones and tablets running Google Inc’s Android operating system have the Heartbleed software bug.
While Google said in a blog post on Wednesday last week that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1, which was released in 2012.
Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co, HTC Corp (宏達電) and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software. The company said that less than 10 percent of active devices are vulnerable.
Over 900 million Android devices have been activated worldwide.
The Heartbleed vulnerability was made public last week and can expose people to hacking of their passwords and other information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said.
Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.
“One of the major issues with Android is the update cycle is really long,” said Michael Shaulov, chief executive officer and co-founder of Lacoon Security Ltd, a cybersecurity company focused on advanced mobile threats.
“The device manufacturers and the carriers need to do something with the patch, and that’s usually a really long process,” he added.
Microsoft Corp said on Friday that the Windows and Windows Phone operating systems and most services are not impacted.
“A few services continue to be reviewed and updated with further protections,” Microsoft Trustworthy Computing director Tracey Pretorius wrote in an e-mailed statement.
Apple Inc did not respond to messages for comment.
The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites.
Still, there are no signs that hackers are trying to attack Android devices through the vulnerability, as it would be complicated to set up and the success rate would be low, said Marc Rogers, principal security researcher at the San Francisco-based Lookout Inc.
Individual devices are less attractive because they need to be targeted one-by-one, he said.
“Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don’t expect to see any attacks against devices until after the server attacks have been completely exhausted,” Rogers wrote in an e-mail.
WASHINGTON’S INCENTIVES: The CHIPS Act set aside US$39 billion in direct grants to persuade the world’s top semiconductor companies to make chips on US soil The US plans to award more than US$6 billion to Samsung Electronics Co, helping the chipmaker expand beyond a project in Texas it has already announced, people familiar with the matter said. The money from the 2022 CHIPS and Science Act would be one of several major awards that the US Department of Commerce is expected to announce in the coming weeks, including a grant of more than US$5 billion to Samsung’s rival, Taiwan Semiconductor Manufacturing Co (TSMC, 台積電), people familiar with the plans said. The people spoke on condition of anonymity in advance of the official announcements. The federal funding for
HIGH DEMAND: The firm has strong capabilities of providing key components including liquid cooling technology needed for AI servers, chairman Young Liu said Hon Hai Precision Industry Co (鴻海精密) yesterday revised its revenue outlook for this year to “significant” growth from a “neutral” view forecast five months ago, due to strong demand for artificial intelligence (AI) servers from cloud service providers. Hon Hai, a major assembler of iPhones that is also known as Foxconn, expects AI server revenues to soar more than 40 percent annually this year, chairman Young Liu (劉揚偉) told investors. The robust growth would uplift revenue contribution from AI servers to 40 percent of the company’s overall server revenue this year, from 30 percent last year, Liu said. In the three-year period
LONG HAUL: Largan Energy Materials’ TNO-based lithium-ion batteries are expected to charge in five minutes and last about 20 years, far surpassing conventional technology Largan Precision Co (大立光) has formed a joint venture with the Industrial Technology Research Institute (ITRI, 工研院) to produce fast-charging, long-life lithium-ion batteries for electric vehicles, mobile electronics and electric storage units, the camera lens supplier for Apple Inc’s iPhones said yesterday. Largan Energy Materials Co (萬溢能源材料), established in January, is developing high-energy, fast-charging, long-life lithium-ion batteries using titanium niobium oxide (TNO) anodes, it said. TNO-based batteries can be fully charged in five minutes and have a lifespan of 20 years, a major advantage over the two to four hours of charging time needed for conventional graphite-anode-based batteries, Largan said in a
Taiwan is one of the first countries to benefit from the artificial intelligence (AI) boom, but because that is largely down to a single company it also represents a risk, former Google Taiwan managing director Chien Lee-feng (簡立峰) said at an AI forum in Taipei yesterday. Speaking at the forum on how generative AI can generate possibilities for all walks of life, Chien said Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) — currently among the world’s 10 most-valuable companies due to continued optimism about AI — ensures Taiwan is one of the economies to benefit most from AI. “This is because AI is