The Heartbleed bug, the biggest threat to internet security since, well, ever, has been making headlines all week, and some Android phones (those running Android 4.1.1, NOT newer phones like the Samsung Galaxy S5 or the HTC One M8) are vulnerable to it.
Attacks on individual devices are unlikely, and would be initiated by the user clicking on a malicious link or installing a malicious app. Thus, follow good security practice (don’t click on things you don’t know etc), to keep yourself safe until Google and manufacturers have fixed the Heartbleed bug.
This week has been one of the most frantic weeks in the decades-long history of the internet, and since you’re reading this on the internet, you’ve may have already heard why: this week, the Heartbleed bug became public knowledge.
News sites have called it the worst security threat the internet has ever faced, and some Android phones are also left vulnerable to attack through the Heartbleed bug, as reported on by security firm Bluebox.
Before you start to panic, however, not all Android phones are affected; for those running stock Android, only phones running Android 4.1.1 are vulnerable (although some manufacturer/network-specific builds of other Android versions are also affected), so phones like the Samsung Galaxy S5 and the HTC One M8 should be perfectly safe.
While this is a serious threat to security on the internet, it’s important that people don’t panic needlessly. There are countless guides for what to do with any websites where you have an account (put simply, check they’ve been patched, and then change your passwords for all of them), but affected smartphones, while still being vulnerable, are not a sign that the sky is falling.
Bluebox has published a Heartbleed bug scanner on Google Play, and this will tell you if your phone is vulnerable (plus which apps on your phone may be vulnerable; at the time of writing, Angry Birds was one of the most notable apps to be vulnerable to the bug), but even if it is, continue to not panic!
Client-side attacks on affected phones are much harder to pull off than attacks on servers, for one thing, and would require the user to click on a malicious link or open malicious software, so as with phishing scams, don’t click on random things, or install things you’re not sure about!
Google and manufacturers are working to get your phones properly secured, so stay tuned for more updates.