Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,781,073 Members 45,169 Now Online
XDA Developers Android and Mobile Development Forum

Fix HeartBleed on Android devices?

Tip us?
 
riahc3
Old
#1  
riahc3's Avatar
Senior Member - OP
Thanks Meter 137
Posts: 1,290
Join Date: Oct 2009
Default Fix HeartBleed on Android devices?

Its not enabled on my device but I don't feel good having a version with a exploit so large.

How do I manually update it on my device?
THE HTC DESIRE Z/G2/VISION IS NOT A "4G" PHONE.
Read what is 4G: http://en.wikipedia.org/wiki/4G
 
es0tericcha0s
Old
#2  
Senior Member
Thanks Meter 504
Posts: 2,615
Join Date: May 2010

 
DONATE TO ME
http://www.itproportal.com/2014/04/1...emain-at-risk/

It's only an issue for 4.1.1.
Need some help, advice, something fixed? Hit me up on Hangouts @ es0tericcha0s
Now offering unlocking services - including many Sprint phone unlocks! PM for details!

HTC Droid Eris / Motorola Droid / Samsung Galaxy S Fascinate / Motorola Droid X / LG G2x / HTC Evo 3D (x2) / Samsung Epic 4G Touch (Sprint S2) / HTC Amaze / Samsung Galaxy S3 (International) / Samsung Galaxy Note 2 / Nexus 4 / HTC One / Samsung Galaxy S4 / Sony Xperia ZL / Nexus 5 / OnePlus One (64 GB)
 
riahc3
Old
#3  
riahc3's Avatar
Senior Member - OP
Thanks Meter 137
Posts: 1,290
Join Date: Oct 2009
Quote:
Originally Posted by es0tericcha0s View Post
Yeah, that's the point of the thread: What if you are stuck on 4.1.1?
THE HTC DESIRE Z/G2/VISION IS NOT A "4G" PHONE.
Read what is 4G: http://en.wikipedia.org/wiki/4G
 
es0tericcha0s
Old
#4  
Senior Member
Thanks Meter 504
Posts: 2,615
Join Date: May 2010

 
DONATE TO ME
I haven't seen any options other than upgrading, downgrading, or just not going to the affected sites until they update, which most of them have by now.
Need some help, advice, something fixed? Hit me up on Hangouts @ es0tericcha0s
Now offering unlocking services - including many Sprint phone unlocks! PM for details!

HTC Droid Eris / Motorola Droid / Samsung Galaxy S Fascinate / Motorola Droid X / LG G2x / HTC Evo 3D (x2) / Samsung Epic 4G Touch (Sprint S2) / HTC Amaze / Samsung Galaxy S3 (International) / Samsung Galaxy Note 2 / Nexus 4 / HTC One / Samsung Galaxy S4 / Sony Xperia ZL / Nexus 5 / OnePlus One (64 GB)
 
ReCreate
Old
#5  
Member
Thanks Meter 14
Posts: 60
Join Date: Oct 2010

 
DONATE TO ME
just don't host anything from your phone.
 
riahc3
Old
(Last edited by riahc3; 9th May 2014 at 08:41 AM.)
#6  
riahc3's Avatar
Senior Member - OP
Thanks Meter 137
Posts: 1,290
Join Date: Oct 2009
Quote:
Originally Posted by es0tericcha0s View Post
I haven't seen any options other than upgrading, downgrading, or just not going to the affected sites until they update, which most of them have by now.
If you are exploitable on the client side, you can still exploit HeartBleed.

Quote:
Originally Posted by ReCreate View Post
just don't host anything from your phone.
Same as above. This is a server AND client side bug. Doesn't matter if I don't host anything.
THE HTC DESIRE Z/G2/VISION IS NOT A "4G" PHONE.
Read what is 4G: http://en.wikipedia.org/wiki/4G
 
es0tericcha0s
Old
#7  
Senior Member
Thanks Meter 504
Posts: 2,615
Join Date: May 2010

 
DONATE TO ME
Quote:
Originally Posted by riahc3 View Post
If you are exploitable on the client side, you can still exploit HeartBleed.


Same as above. This is a server AND client side bug. Doesn't matter if I don't host anything.
Hmm. My understanding was that if you don't go to sites that are affected with the issue, then your system can't be exploited. Is that not the case?
Need some help, advice, something fixed? Hit me up on Hangouts @ es0tericcha0s
Now offering unlocking services - including many Sprint phone unlocks! PM for details!

HTC Droid Eris / Motorola Droid / Samsung Galaxy S Fascinate / Motorola Droid X / LG G2x / HTC Evo 3D (x2) / Samsung Epic 4G Touch (Sprint S2) / HTC Amaze / Samsung Galaxy S3 (International) / Samsung Galaxy Note 2 / Nexus 4 / HTC One / Samsung Galaxy S4 / Sony Xperia ZL / Nexus 5 / OnePlus One (64 GB)
 
riahc3
Old
#8  
riahc3's Avatar
Senior Member - OP
Thanks Meter 137
Posts: 1,290
Join Date: Oct 2009
Quote:
Originally Posted by es0tericcha0s View Post
Hmm. My understanding was that if you don't go to sites that are affected with the issue, then your system can't be exploited. Is that not the case?
The site might not send a certificate with the exploited version but the reply I believe is still exploitable since it sends a heartbeat (replied or not replied but the server, depending on if its disabled or not)

http://security.stackexchange.com/qu...-to-heartbleed
THE HTC DESIRE Z/G2/VISION IS NOT A "4G" PHONE.
Read what is 4G: http://en.wikipedia.org/wiki/4G

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Forums Added for the LG G Watch R and Samsung Gear S

A little over a week ago, LG “inadvertently” let the world know about the … more

Secrecy App Goes Open Source, New LG Android Wear Device! – XDA Developer TV

Secrecy encryption app goes open source! That and much … more

Pushbullet Updated with SMS Send Ability

Pushbullet is one of thoseapplications that every Android lover should have installed on his or … more

[OTA] Nvidia Shield Tablet Receives its First Update

The Nvidia Shield Tabletis the latest toy from one of the largest desktop graphics … more