Millions of smartphones and tablets running Google Inc’s Android operating system have the Heartbleed software bug.
While Google said in a blog post on Wednesday last week that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1, which was released in 2012.
Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co, HTC Corp (宏達電) and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software. The company said that less than 10 percent of active devices are vulnerable.
Over 900 million Android devices have been activated worldwide.
The Heartbleed vulnerability was made public last week and can expose people to hacking of their passwords and other information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said.
Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.
“One of the major issues with Android is the update cycle is really long,” said Michael Shaulov, chief executive officer and co-founder of Lacoon Security Ltd, a cybersecurity company focused on advanced mobile threats.
“The device manufacturers and the carriers need to do something with the patch, and that’s usually a really long process,” he added.
Microsoft Corp said on Friday that the Windows and Windows Phone operating systems and most services are not impacted.
“A few services continue to be reviewed and updated with further protections,” Microsoft Trustworthy Computing director Tracey Pretorius wrote in an e-mailed statement.
Apple Inc did not respond to messages for comment.
The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites.
Still, there are no signs that hackers are trying to attack Android devices through the vulnerability, as it would be complicated to set up and the success rate would be low, said Marc Rogers, principal security researcher at the San Francisco-based Lookout Inc.
Individual devices are less attractive because they need to be targeted one-by-one, he said.
“Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don’t expect to see any attacks against devices until after the server attacks have been completely exhausted,” Rogers wrote in an e-mail.
NEW MARKET: The partnership opens up India to the Dutch company, which already has a strong hold in the semiconductor market of South Korea, Taiwan and China ASML Holding NV entered into a partnership agreement with Tata Electronics Pvt Ltd aimed at ramping up India’s goal to develop domestic chip-manufacturing capabilities. The Dutch company’s technology would help power Tata Electronics’ planned 300 millimeter (mm) semiconductor foundry in Gujarat, according to a joint statement from the two companies on Saturday. The signing of a memorandum of understanding coincides with a visit by Indian Prime Minister Narendra Modi to the Netherlands, which is looking to deepen bilateral relations with New Delhi. ASML, whose top customers include Taiwan Semiconductor Manufacturing Co (台積電) and Samsung Electronics Co, makes lithography machines that can print
PORTFOLIO REBALANCING: The adjustments in three global equity indices reflect rising investor appetite for semiconductor and artificial intelligence-related stocks Taiwan’s weighting in major global equity indices compiled by MSCI Inc is to rise modestly following the latest quarterly review, underscoring the market’s expanding role in emerging-market portfolios, as global investors continue to favor the nation’s technology sector. Taiwan’s weighting in the MSCI Emerging Markets Index is to increase by 0.30 percentage points to 23.76 percent, after the changes take effect at the close of the May 29 session. Its weighting in the MSCI All-Country Asia ex-Japan Index is to rise 0.37 percentage points to 27.16 percent, while that in the MSCI All Country World Index is to edge up slightly to
The Hsinchu County Government’s Labor Affairs Department yesterday said that it has received a plan from cosmetics brand Taiwan Shiseido Co (台灣資生堂) detailing mass layoffs at its plant in Hukou Township (湖口). While the labor authorities did not disclose the number of employees to be laid off, Japanese news media earlier in the day reported that the closure of the company’s factory in Hukou would result in 170 employees losing their jobs. Shiseido followed the law by reporting its layoff plan, the department said, adding that authorities would closely monitor negotiations between the management and affected employees and step in if any
Hon Hai Precision Industry Co (鴻海精密) on Tuesday confirmed a cyberattack targeting some of its North American facilities, but said the affected factories were gradually returning to normal. The company, known globally as Foxconn Technology Group (富士康科技集團), said that its cybersecurity team “activated the response mechanism and implemented operational measures to ensure the continuity of production and delivery.” “The affected factories are resuming normal production,” the company said in a statement. Hon Hai had previously described it as a “technical issue,” when news of the cyberattack first surfaced. The confirmation followed media reports of a large-scale information technology system incident that broke out at
RSS