Millions of smartphones and tablets running Google Inc’s Android operating system have the Heartbleed software bug.
While Google said in a blog post on Wednesday last week that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1, which was released in 2012.
Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co, HTC Corp (宏達電) and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software. The company said that less than 10 percent of active devices are vulnerable.
Over 900 million Android devices have been activated worldwide.
The Heartbleed vulnerability was made public last week and can expose people to hacking of their passwords and other information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said.
Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.
“One of the major issues with Android is the update cycle is really long,” said Michael Shaulov, chief executive officer and co-founder of Lacoon Security Ltd, a cybersecurity company focused on advanced mobile threats.
“The device manufacturers and the carriers need to do something with the patch, and that’s usually a really long process,” he added.
Microsoft Corp said on Friday that the Windows and Windows Phone operating systems and most services are not impacted.
“A few services continue to be reviewed and updated with further protections,” Microsoft Trustworthy Computing director Tracey Pretorius wrote in an e-mailed statement.
Apple Inc did not respond to messages for comment.
The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites.
Still, there are no signs that hackers are trying to attack Android devices through the vulnerability, as it would be complicated to set up and the success rate would be low, said Marc Rogers, principal security researcher at the San Francisco-based Lookout Inc.
Individual devices are less attractive because they need to be targeted one-by-one, he said.
“Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don’t expect to see any attacks against devices until after the server attacks have been completely exhausted,” Rogers wrote in an e-mail.
CHIP RACE: Three years of overbroad export controls drove foreign competitors to pursue their own AI chips, and ‘cost US taxpayers billions of dollars,’ Nvidia said China has figured out the US strategy for allowing it to buy Nvidia Corp’s H200s and is rejecting the artificial intelligence (AI) chip in favor of domestically developed semiconductors, White House AI adviser David Sacks said, citing news reports. US President Donald Trump on Monday said that he would allow shipments of Nvidia’s H200 chips to China, part of an administration effort backed by Sacks to challenge Chinese tech champions such as Huawei Technologies Co (華為) by bringing US competition to their home market. On Friday, Sacks signaled that he was uncertain about whether that approach would work. “They’re rejecting our chips,” Sacks
NATIONAL SECURITY: Intel’s testing of ACM tools despite US government control ‘highlights egregious gaps in US technology protection policies,’ a former official said Chipmaker Intel Corp has tested chipmaking tools this year from a toolmaker with deep roots in China and two overseas units that were targeted by US sanctions, according to two sources with direct knowledge of the matter. Intel, which fended off calls for its CEO’s resignation from US President Donald Trump in August over his alleged ties to China, got the tools from ACM Research Inc, a Fremont, California-based producer of chipmaking equipment. Two of ACM’s units, based in Shanghai and South Korea, were among a number of firms barred last year from receiving US technology over claims they have
BARRIERS: Gudeng’s chairman said it was unlikely that the US could replicate Taiwan’s science parks in Arizona, given its strict immigration policies and cultural differences Gudeng Precision Industrial Co (家登), which supplies wafer pods to the world’s major semiconductor firms, yesterday said it is in no rush to set up production in the US due to high costs. The company supplies its customers through a warehouse in Arizona jointly operated by TSS Holdings Ltd (德鑫控股), a joint holding of Gudeng and 17 Taiwanese firms in the semiconductor supply chain, including specialty plastic compounds producer Nytex Composites Co (耐特) and automated material handling system supplier Symtek Automation Asia Co (迅得). While the company has long been exploring the feasibility of setting up production in the US to address
OPTION: Uber said it could provide higher pay for batch trips, if incentives for batching is not removed entirely, as the latter would force it to pass on the costs to consumers Uber Technologies Inc yesterday warned that proposed restrictions on batching orders and minimum wages could prompt a NT$20 delivery fee increase in Taiwan, as lower efficiency would drive up costs. Uber CEO Dara Khosrowshahi made the remarks yesterday during his visit to Taiwan. He is on a multileg trip to the region, which includes stops in South Korea and Japan. His visit coincided the release last month of the Ministry of Labor’s draft bill on the delivery sector, which aims to safeguard delivery workers’ rights and improve their welfare. The ministry set the minimum pay for local food delivery drivers at
RSS