Millions of smartphones and tablets running Google Inc’s Android operating system have the Heartbleed software bug.
While Google said in a blog post on Wednesday last week that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1, which was released in 2012.
Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co, HTC Corp (宏達電) and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software. The company said that less than 10 percent of active devices are vulnerable.
Over 900 million Android devices have been activated worldwide.
The Heartbleed vulnerability was made public last week and can expose people to hacking of their passwords and other information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said.
Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.
“One of the major issues with Android is the update cycle is really long,” said Michael Shaulov, chief executive officer and co-founder of Lacoon Security Ltd, a cybersecurity company focused on advanced mobile threats.
“The device manufacturers and the carriers need to do something with the patch, and that’s usually a really long process,” he added.
Microsoft Corp said on Friday that the Windows and Windows Phone operating systems and most services are not impacted.
“A few services continue to be reviewed and updated with further protections,” Microsoft Trustworthy Computing director Tracey Pretorius wrote in an e-mailed statement.
Apple Inc did not respond to messages for comment.
The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites.
Still, there are no signs that hackers are trying to attack Android devices through the vulnerability, as it would be complicated to set up and the success rate would be low, said Marc Rogers, principal security researcher at the San Francisco-based Lookout Inc.
Individual devices are less attractive because they need to be targeted one-by-one, he said.
“Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don’t expect to see any attacks against devices until after the server attacks have been completely exhausted,” Rogers wrote in an e-mail.
The domestic unit of the Chinese-owned, Dutch-headquartered chipmaker Nexperia BV will soon be able to produce semiconductors locally within China, according to two company sources. Nexperia is at the center of a global tug-of-war over critical semiconductor technology, with a Dutch court in February ordering a probe into alleged mismanagement at the company. The geopolitical tussle has disrupted supply chains, with some carmakers reportedly forced to cut production due to chip shortages. Local production would allow Nexperia’s domestic arm, Nexperia Semiconductors (China) Ltd (安世半導體中國), to bypass restrictions in place since October on the supply of silicon wafers — etched with tiny components to
Taiwan is open to joining a global liquefied natural gas (LNG) program if one is created, but on the condition that countries provide delivery even in a scenario where there is a conflict with China, an energy department official said yesterday. While Taiwan’s priority is to have enough LNG at home, the nation is open to exploring potential strategic reserves in other countries such as Japan or South Korea, Energy Administration Deputy Director-General Chen Chung-hsien (陳崇憲) said. While the LNG market does not have a global reserve for emergencies like that of oil, the concept has been raised a few times —
Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) yesterday received government approval to deploy its advanced 3-nanometer (3nm) process at its second fab currently under construction in Japan, the Ministry of Economic Affairs said in a news release. The ministry green-lit the plan for the facility in Kumamoto, which is scheduled to start installing equipment and come online in 2028 with a monthly production capacity of 15,000 12-inch wafers, the ministry said. The Department of Investment Review in June 2024 authorized a US$5.26 billion investment for the facility, slated to manufacture 6- to 12nm chips, significantly less advanced than 3nm process. At a meeting with
Standard Chartered Taiwan on March 26 announced that it has partnered with international fintech firm FinIQ to build an “Automated Structured Products Pricing Platform.” The bank is also introducing products from global issuers including Goldman Sachs Group Inc, Barclays PLC and BNP Paribas SA. The new platform enables an end-to-end process whereby it finds the most competitive pricing across multiple issuers in a matter of minutes, followed by automated documentation and transaction execution, which significantly shortens time-to-market and delivers a superior wealth management experience. Standard Chartered Bank Taiwan CEO Anthony Yu (游天立) said: “Standard Chartered is increasingly leveraging its wealth management
RSS