[APP] Heartbleed Detector

Primokorn · Apr 10, 2014

Almost everybody is aware about the Heartbleed bug in OpenSSL.
Lookout Mobile Security has released a Heartbleed detector to know if our Android device is affected or not.

If you are interested here is the Play Store link: https://play.google.com/store/apps/details?id=com.lookout.heartbleeddetector

What is Heartbleed?
Heartbleed is a software flaw in the OpenSSL “Heartbeat” function that helps keep secure connections alive. This function was found to be vulnerable to manipulation in a way that allows an attacker to steal up to 64K of data at a time from the active memory of affected systems. The bug, found by researchers from Codenomicon and Google, and filed with the following reference number – CVE-2014-0160, impacts any infrastructure that includes the affected versions of OpenSSL.

Heartbleed bug discussed for XDA

vin4yak · Apr 10, 2014

Thanks for the heads up!

M.Noury · Apr 10, 2014

vin4yak said:
Thanks for the heads up!

Same here

Sent from my Nexus 5 using Tapatalk

aavvaallooss · Apr 10, 2014

Same here.

Do you know if is there any possibility to upgrade OpenSSL manually without waiting for an Android update (Maybe fixed in future 4.4.3 OTA???)

Primokorn · Apr 10, 2014

aavvaallooss said:
Same here.

Do you know if is there any possibility to upgrade OpenSSL manually without waiting for an Android update (Maybe fixed in future 4.4.3 OTA???)

We (regular Android users) can't do anything afaik.

The app says that I'm affected BUT I've read that only OpenSSL 1.0.1 of Android 4.1.1 is vulnerable (here)

FYI Openvpn Wiki

ChongoDroid · Apr 11, 2014

If you're using fr05ty rom then you're already safe

Sent from my Nexus 5 using Tapatalk

TheLastSidekick · Apr 11, 2014

I find it hard so hard to believe an OpenSSL binary for Android hasn't been released yet OR someone hasn't created an Xposed module to somehow patch it. I'm none too worried about it because it does say it doesn't affect our OpenSSL on 4.4.2...but still security is all about being paranoid. But I wouldn't be surprised if Google extends the date for the release of 4.4.3 to get OpenSSL patched. I feel like Google doesn't like to NOT tie up loose ends.

Sent from my Galaxy S4 using Tapatalk

oOflyeyesOo · Apr 11, 2014

I have always wanted to know if my heart is bleeding or not!

Great work on the app btw.

shadowcore · Apr 12, 2014

Any link that does not go to google play? I dont use google services or the playstore.

melbourne408 · Apr 12, 2014

shadowcore said:
Any link that does not go to google play? I dont use google services or the playstore.

Go to the Play Store and type in "Heartbleed Detector."

Sent from my Nexus 5 using XDA Premium 4 mobile app

shadowcore · Apr 12, 2014

I guess you misunderstood me, I meant a link that is not the google play store. A link that directly allows me to install the apk. I dont use Google services in my phone and therefore cannot use the playstore. I have no gapps in my phone.

melbourne408 said:
Go to the Play Store and type in "Heartbleed Detector."

Sent from my Nexus 5 using XDA Premium 4 mobile app

flex360 · Apr 12, 2014

shadowcore said:
I guess you misunderstood me, I meant a link that is not the google play store. A link that directly allows me to install the apk. I dont use Google services in my phone and therefore cannot use the playstore. I have no gapps in my phone.

go find it for yourself
try google

shadowcore · Apr 12, 2014

flex360 said:
go find it for yourself
try google

If anyone wants to know how I did it, I used an alternative scanner called bluebox scanner, which used the aptoide store, which I have installed.

FYI, android 4.2.2 cyanogenmod 10.3 has the vulnerability but its not enabled.

Deleted member 5149701 · Apr 14, 2014

shadowcore said:
I guess you misunderstood me, I meant a link that is not the google play store. A link that directly allows me to install the apk. I dont use Google services in my phone and therefore cannot use the playstore. I have no gapps in my phone.

Just curious why you don't use any Google services. Do you not have a GMail account? Strange to use Android and not use Google services.

_frog hair · Apr 14, 2014

dinggus said:
Just curious why you don't use any Google services. Do you not have a GMail account? Strange to use Android and not use Google services.

Not really. Some of the best developers on xda doesn't use anything google at all. Not even google play.

//Sent from within your closet

Deleted member 5149701 · Apr 14, 2014

_frog hair said:
Not really. Some of the best developers on xda doesn't use anything google at all. Not even google play.

//Sent from within your closet

Alright, didn't know that. I don't know anyone who doesn't at least have a Gmail account.

Sent from my Nexus 5 using Tapatalk

Topics

Topics

[APP] Heartbleed Detector

Primokorn

Senior Member

vin4yak

Senior Member

Attachments

M.Noury

Senior Member

aavvaallooss

Senior Member

Primokorn

Senior Member

ChongoDroid

Senior Member

TheLastSidekick

Recognized Contributor

oOflyeyesOo

Senior Member

shadowcore

Senior Member

melbourne408

Senior Member

shadowcore

Senior Member

flex360

Senior Member

shadowcore

Senior Member

Deleted member 5149701

Guest

_frog hair

Senior Member

Deleted member 5149701

Guest

Similar threads

Top Liked Posts

New posts