Revelations of the catastrophic Heartbleed bug shook the Internet last week with news that over two-thirds of web servers were vulnerable to the security hole, but it turns out end-users are also susceptible to the bug, including millions of Android smartphones.

According to a new report by Ars Technica, Android smartphones running version 4.1.1 are susceptible to end-user attacks that could suck passwords, messages, banking info, emails and other info right out of device memory.

Google already acknowledged the vulnerability Friday afternoon, but security experts at Lookout Mobile told Ars they have discovered some carrier-customized versions of Android 4.2.2 that are also vulnerable.

Symantec has good news for browsers users with their announcement that the OpenSSL cryptographic library isn’t relied on to implement HTTPS cryptographic protections – meaning malicious servers couldn’t extract data right from your computer’s memory. However,  Android devices and some Internet of Things appliances aren’t as safe.

Over 34% of Android phones are running 4.1.x, and even though Google is promising it’s working on a patch to roll out with partners that could get complicated as Google has a long history of almost never updating critical security flaws in older Android devices.

Android users who aren’t sure if there handsets are vulnerable should curb the use of sending sensitive data like personal messages, banking data, etc, and if you want to see if your handset is open to attack, you can download Lookout’s Heartbleed Detector for free from Google Play. 

 

Source: Ars Technica