The Heartbleed vulnerability has escalated to a new high,it seems that the security flaw now has Android users and Wireless Router manufacturers scrambling all over the place in the wake of the newly updated version of the bug.Only approximately a month after the world was hit by the original Heartbleed vulnerability that version two (2) AKA Cupid is now putting the world on edge once more.
What is the
The Heartbleed vulnerability or Bug is a security loophole in the Open SSL Cryptography library. This loophole essentially allows hackers to steal information protected by SSL/TLS encryption over web services such as instant messaging, email and other private networks.
Put plainly the flaw allows the bad guys to read the memory of any system protected by the flawed versions of OpenSSL software.This was such a big problem for many websites and critical systems such as monetary to communication as the data of users which was now under attack by Hackers that could acquire users names, passwords and their other forms of personal data by listening in on communications or stealing the data directly from the vulnerable servers.
What can be done? for the first wave of attacks the affected companies had to first update their OpenSSL and prompt users to change their passwords only after updating their open SSL software was updated and not before.
The rise of Heartbleed Cupid
So today we now have the new Heartbleed Cupid which was reported from Portuguese security researcher Luis Grangeia who explains how the old vulnerability can be used to attack Android devices over WiFi. The new flaw works much like the old one but instead of over the internet it does the same over WiFi.
This can be done by trapping users with a baited Router or compromising an existing one. The data is then stolen from the Android devices that’s connected to the affected Router ,Manufactures of Routers and Android will be scrambling to update their systems in the coming days so look out for update warnings and be careful what public WiFi networks you connect to.Unlike the first Heartbleed vulnerability the world is better prepared and their should be less of a fallout.
Android Devices Running Jelly Bean 4.1.1
If you are running Jellybean 4.1.1 on your Android device this edition is batting its eyes and waiting on heartbleed cupid so it’s recommended that you update immediately. Also if you are the type of user to fall for the good old “honey pot trick” were hackers in an attempt to steal your data leave an open WiFi in hope that you are dumb enough to connect for free WiFi while they have a go at your private data, so never connect to unknown shady hotspots.The HTC one is among one of the main Android device that is prone to the bug due to still running the affected version of Android.
The heartbleed bug is a serious flaw in the Webs security architecture that we will have to deal with time and time again, trust me when I say that this is not the last variation of the Heartbleed vulnerability that we will see and chances are that long after the fires have died out, some systems will still have the loophole open to be exploited due to not patching it in the first place.