Android Apps: 150M Downloads 'Vulnerable' to Heartbleed Bug; Gaming Apps Targeted
By Pavithra Rathinavel | April 24, 2014 11:03 PM EST
Although security patch for Heartbleed bug is available and many Web sites and services patched successfully requesting the users to change their passwords, Android apps somehow has slipped the purview of scrutiny.
A Google Android figurine sits on the welcome desk as employee Tracy McNeilly smiles at the new Google office in Toronto, November 13, 2012.
Android apps are very much vulnerable. Updating the security patch for all the vulnerable Android apps is not an easy task.
According to a new study by FireEye, a security research firm, there were nearly 150 million downloads of Android apps that were vulnerable to the Heartbleed bug, as reported by Re/code.
FireEye researchers said the classified Heartbleed finder/detector apps that can be downloaded from Google Play store do not have the capability to uproot the vulnerable apps that have been downloaded.
Even though there were as many as 17 Android security apps that scan for the bugs and vulnerabilities among apps periodically, at least six of such security apps used insufficient techniques to check for this particular Heartbleed vulnerability. Thus, they ignored the bug and assumed it to be a genuine app.
The researchers said, "Android apps frequently use native libraries, which either directly or indirectly leverage vulnerable OpenSSL libraries. Hence, even though the Android platform itself is not vulnerable, attackers can still attack those vulnerable apps. They can hijack the network traffic, redirect the app to a malicious server and then send heartbeat messages to the app to steal sensitive memory contents."
Apps Affected the Most
Most of the apps affected by Heartbleed bug were Gaming apps. Although gaming apps did not store useful or sensitive data, many of such apps used authorization credentials linked to Facebook, Twitter or any other social networking sites' accounts.
Letting the hacker to hijack a gaming app account provided access to valuable or sensitive data from social networking accounts.
The only consolation was that the prompt app developers were doing all that they can to patch their apps to avoid being vulnerable to the deadly and widespread Heartbleed bug.
As April 10, there were about a whopping 220 million downloads of apps vulnerable to the bug. But when the same test was run after a week on April 17, the number of such downloads reduced to 150 million.
To contact the editor, e-mail:
Most Popular Slideshows
- Real Life ‘Frozen’: Snow Overwhelms The US, Kills 7; More To Come (Pictures)
- Angelina Jolie, Brad Pitt in Sydney for ‘Unbroken’ Red Carpet Premiere [PHOTOS]
- ‘The Walking Dead’ Season 5, Episode 8 Spoilers: Daryl Dixon Is Set To Burn The Place Down in ‘Coda’
- G20 Summit Awkward Moments: Putin Yawns, Mystery Bubbles Appear, F18 Drama Ensues
Join the Conversation
- Walmart Early Price Matching Special Event On Nov. 21, 2014 Matches Its Competitors' Black Friday 2014 Prices And Includes Exclusive Deals For Samsung LED HDTVs And iPad Air 2 [WATCH VIDEO]
- US Plane Flying Over Russian Skies Spotted; Vladimir Putin Ready For 'Practical Cooperation' With US
- Alleged 'Microsoft Lumia 1030' Front Panel Leaked With Capacitive Buttons; 'Xbox One' Owners To Get Free Goodies On Anniversary
- Nexus 6 Release Date And Price Under AT&T, T-Mobile And Sprint Listed
- Walmart Pre-Black Friday 2014 Sale On Nov. 21, 2014 Includes Discounts On The 'NBA 2K15' For PS4 And The 'Skylanders Trap Team’ Starter Kit [WATCH VIDEO]
- Black Friday 2014 Sale: Top Deals On Game Consoles Xbox One, PS4, Nintendo Wii U And More
- Cold War 2: Russia, China And North Korea’s Blacklisted Company Fortify Alliance -- Reports