Millions of smartphones and tablets running Google Inc’s Android operating system have the Heartbleed software bug.
While Google said in a blog post on Wednesday last week that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1, which was released in 2012.
Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co, HTC Corp (宏達電) and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software. The company said that less than 10 percent of active devices are vulnerable.
Over 900 million Android devices have been activated worldwide.
The Heartbleed vulnerability was made public last week and can expose people to hacking of their passwords and other information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said.
Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.
“One of the major issues with Android is the update cycle is really long,” said Michael Shaulov, chief executive officer and co-founder of Lacoon Security Ltd, a cybersecurity company focused on advanced mobile threats.
“The device manufacturers and the carriers need to do something with the patch, and that’s usually a really long process,” he added.
Microsoft Corp said on Friday that the Windows and Windows Phone operating systems and most services are not impacted.
“A few services continue to be reviewed and updated with further protections,” Microsoft Trustworthy Computing director Tracey Pretorius wrote in an e-mailed statement.
Apple Inc did not respond to messages for comment.
The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites.
Still, there are no signs that hackers are trying to attack Android devices through the vulnerability, as it would be complicated to set up and the success rate would be low, said Marc Rogers, principal security researcher at the San Francisco-based Lookout Inc.
Individual devices are less attractive because they need to be targeted one-by-one, he said.
“Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don’t expect to see any attacks against devices until after the server attacks have been completely exhausted,” Rogers wrote in an e-mail.
RUN IT BACK: A succesful first project working with hyperscalers to design chips encouraged MediaTek to start a second project, aiming to hit stride in 2028 MediaTek Inc (聯發科), the world’s biggest smartphone chip supplier, yesterday said it is engaging a second hyperscaler to help design artificial intelligence (AI) accelerators used in data centers following a similar project expected to generate revenue streams soon. The first AI accelerator project is to bring in US$1 billion revenue next year and several billion US dollars more in 2027, MediaTek chief executive officer Rick Tsai (蔡力行) told a virtual investor conference yesterday. The second AI accelerator project is expected to contribute to revenue beginning in 2028, Tsai said. MediaTek yesterday raised its revenue forecast for the global AI accelerator used
TEMPORARY TRUCE: China has made concessions to ease rare earth trade controls, among others, while Washington holds fire on a 100% tariff on all Chinese goods China is effectively suspending implementation of additional export controls on rare earth metals and terminating investigations targeting US companies in the semiconductor supply chain, the White House announced. The White House on Saturday issued a fact sheet outlining some details of the trade pact agreed to earlier in the week by US President Donald Trump and Chinese President Xi Jinping (習近平) that aimed to ease tensions between the world’s two largest economies. Under the deal, China is to issue general licenses valid for exports of rare earths, gallium, germanium, antimony and graphite “for the benefit of US end users and their suppliers
Dutch chipmaker Nexperia BV’s China unit yesterday said that it had established sufficient inventories of finished goods and works-in-progress, and that its supply chain remained secure and stable after its parent halted wafer supplies. The Dutch company suspended supplies of wafers to its Chinese assembly plant a week ago, calling it “a direct consequence of the local management’s recent failure to comply with the agreed contractual payment terms,” Reuters reported on Friday last week. Its China unit called Nexperia’s suspension “unilateral” and “extremely irresponsible,” adding that the Dutch parent’s claim about contractual payment was “misleading and highly deceptive,” according to a statement
Artificial intelligence (AI) giant Nvidia Corp’s most advanced chips would be reserved for US companies and kept out of China and other countries, US President Donald Trump said. During an interview that aired on Sunday on CBS’ 60 Minutes program and in comments to reporters aboard Air Force One, Trump said only US customers should have access to the top-end Blackwell chips offered by Nvidia, the world’s most valuable company by market capitalization. “The most advanced, we will not let anybody have them other than the United States,” he told CBS, echoing remarks made earlier to reporters as he returned to Washington
RSS