Millions of smartphones and tablets running Google Inc’s Android operating system have the Heartbleed software bug.
While Google said in a blog post on Wednesday last week that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1, which was released in 2012.
Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co, HTC Corp (宏達電) and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software. The company said that less than 10 percent of active devices are vulnerable.
Over 900 million Android devices have been activated worldwide.
The Heartbleed vulnerability was made public last week and can expose people to hacking of their passwords and other information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said.
Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.
“One of the major issues with Android is the update cycle is really long,” said Michael Shaulov, chief executive officer and co-founder of Lacoon Security Ltd, a cybersecurity company focused on advanced mobile threats.
“The device manufacturers and the carriers need to do something with the patch, and that’s usually a really long process,” he added.
Microsoft Corp said on Friday that the Windows and Windows Phone operating systems and most services are not impacted.
“A few services continue to be reviewed and updated with further protections,” Microsoft Trustworthy Computing director Tracey Pretorius wrote in an e-mailed statement.
Apple Inc did not respond to messages for comment.
The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites.
Still, there are no signs that hackers are trying to attack Android devices through the vulnerability, as it would be complicated to set up and the success rate would be low, said Marc Rogers, principal security researcher at the San Francisco-based Lookout Inc.
Individual devices are less attractive because they need to be targeted one-by-one, he said.
“Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don’t expect to see any attacks against devices until after the server attacks have been completely exhausted,” Rogers wrote in an e-mail.
TECH PARTNERSHIP: The deal with Arizona-based Amkor would provide TSMC with advanced packing and test capacities, a requirement to serve US customers Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) is collaborating with Amkor Technology Inc to provide local advanced packaging and test capacities in Arizona to address customer requirements for geographical flexibility in chip manufacturing. As part of the agreement, TSMC, the world’s biggest contract chipmaker, would contract turnkey advanced packaging and test services from Amkor at their planned facility in Peoria, Arizona, a joint statement released yesterday said. TSMC would leverage these services to support its customers, particularly those using TSMC’s advanced wafer fabrication facilities in Phoenix, Arizona, it said. The companies would jointly define the specific packaging technologies, such as TSMC’s Integrated
An Indian factory producing iPhone components resumed work yesterday after a fire that halted production — the third blaze to disrupt Apple Inc’s local supply chain since the start of last year. Local industrial behemoth Tata Group’s plant in Tamil Nadu, which was shut down by the unexplained fire on Saturday, is a key linchpin of Apple’s nascent supply chain in the country. A spokesperson for subsidiary Tata Electronics Pvt yesterday said that the company would restart work in “many areas of the facility today.” “We’ve been working diligently since Saturday to support our team and to identify the cause of the fire,”
China’s economic planning agency yesterday outlined details of measures aimed at boosting the economy, but refrained from major spending initiatives. The piecemeal nature of the plans announced yesterday appeared to disappoint investors who were hoping for bolder moves, and the Shanghai Composite Index gave up a 10 percent initial gain as markets reopened after a weeklong holiday to end 4.59 percent higher, while Hong Kong’s Hang Seng Index dived 9.41 percent. Chinese National Development and Reform Commission Chairman Zheng Shanjie (鄭珊潔) said the government would frontload 100 billion yuan (US$14.2 billion) in spending from the government’s budget for next year in addition
Sales RecORD: Hon Hai’s consolidated sales rose by about 20 percent last quarter, while Largan, another Apple supplier, saw quarterly sales increase by 17 percent IPhone assembler Hon Hai Precision Industry Co (鴻海精密) on Saturday reported its highest-ever quarterly sales for the third quarter on the back of solid global demand for artificial intelligence (AI) servers. Hon Hai, also known as Foxconn Technology Group (富士康科技集團) globally, said it posted NT$1.85 trillion (US$57.93 billion) in consolidated sales in the July-to-September quarter, up 19.46 percent from the previous quarter and up 20.15 percent from a year earlier. The figure beat the previous third-quarter high of NT$1.74 trillion recorded in 2022, company data showed. Due to rising demand for AI, Hon Hai said its cloud and networking division enjoyed strong sales