Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,729,985 Members 53,909 Now Online
XDA Developers Android and Mobile Development Forum

Fix HeartBleed on Android devices?

Tip us?
 
riahc3
Old
#1  
riahc3's Avatar
Senior Member - OP
Thanks Meter 132
Posts: 1,274
Join Date: Oct 2009
Default Fix HeartBleed on Android devices?

Its not enabled on my device but I don't feel good having a version with a exploit so large.

How do I manually update it on my device?
THE HTC DESIRE Z/G2/VISION IS NOT A "4G" PHONE.
Read what is 4G: http://en.wikipedia.org/wiki/4G
 
es0tericcha0s
Old
#2  
Senior Member
Thanks Meter 460
Posts: 2,357
Join Date: May 2010

 
DONATE TO ME
http://www.itproportal.com/2014/04/1...emain-at-risk/

It's only an issue for 4.1.1.
Need some help, advice, something fixed? Hit me up on Hangouts @ es0tericcha0s and check out my site: http://mobilemojo5280.com for more info!


HTC Droid Eris / Motorola Droid / Samsung Galaxy S Fascinate / Motorola Droid X / LG G2x / HTC Evo 3D (x2) / Samsung Epic 4G Touch (Sprint S2) / HTC Amaze / Samsung Galaxy S3 (International) / Samsung Galaxy Note 2 / Nexus 4 / HTC One / Samsung Galaxy S4 / Sony Xperia ZL / Nexus 5 / ? (One+1 maybe...)
 
riahc3
Old
#3  
riahc3's Avatar
Senior Member - OP
Thanks Meter 132
Posts: 1,274
Join Date: Oct 2009
Quote:
Originally Posted by es0tericcha0s View Post
Yeah, that's the point of the thread: What if you are stuck on 4.1.1?
THE HTC DESIRE Z/G2/VISION IS NOT A "4G" PHONE.
Read what is 4G: http://en.wikipedia.org/wiki/4G
 
es0tericcha0s
Old
#4  
Senior Member
Thanks Meter 460
Posts: 2,357
Join Date: May 2010

 
DONATE TO ME
I haven't seen any options other than upgrading, downgrading, or just not going to the affected sites until they update, which most of them have by now.
Need some help, advice, something fixed? Hit me up on Hangouts @ es0tericcha0s and check out my site: http://mobilemojo5280.com for more info!


HTC Droid Eris / Motorola Droid / Samsung Galaxy S Fascinate / Motorola Droid X / LG G2x / HTC Evo 3D (x2) / Samsung Epic 4G Touch (Sprint S2) / HTC Amaze / Samsung Galaxy S3 (International) / Samsung Galaxy Note 2 / Nexus 4 / HTC One / Samsung Galaxy S4 / Sony Xperia ZL / Nexus 5 / ? (One+1 maybe...)
 
ReCreate
Old
#5  
Member
Thanks Meter 14
Posts: 60
Join Date: Oct 2010

 
DONATE TO ME
just don't host anything from your phone.
 
riahc3
Old
(Last edited by riahc3; 9th May 2014 at 08:41 AM.)
#6  
riahc3's Avatar
Senior Member - OP
Thanks Meter 132
Posts: 1,274
Join Date: Oct 2009
Quote:
Originally Posted by es0tericcha0s View Post
I haven't seen any options other than upgrading, downgrading, or just not going to the affected sites until they update, which most of them have by now.
If you are exploitable on the client side, you can still exploit HeartBleed.

Quote:
Originally Posted by ReCreate View Post
just don't host anything from your phone.
Same as above. This is a server AND client side bug. Doesn't matter if I don't host anything.
THE HTC DESIRE Z/G2/VISION IS NOT A "4G" PHONE.
Read what is 4G: http://en.wikipedia.org/wiki/4G
 
es0tericcha0s
Old
#7  
Senior Member
Thanks Meter 460
Posts: 2,357
Join Date: May 2010

 
DONATE TO ME
Quote:
Originally Posted by riahc3 View Post
If you are exploitable on the client side, you can still exploit HeartBleed.


Same as above. This is a server AND client side bug. Doesn't matter if I don't host anything.
Hmm. My understanding was that if you don't go to sites that are affected with the issue, then your system can't be exploited. Is that not the case?
Need some help, advice, something fixed? Hit me up on Hangouts @ es0tericcha0s and check out my site: http://mobilemojo5280.com for more info!


HTC Droid Eris / Motorola Droid / Samsung Galaxy S Fascinate / Motorola Droid X / LG G2x / HTC Evo 3D (x2) / Samsung Epic 4G Touch (Sprint S2) / HTC Amaze / Samsung Galaxy S3 (International) / Samsung Galaxy Note 2 / Nexus 4 / HTC One / Samsung Galaxy S4 / Sony Xperia ZL / Nexus 5 / ? (One+1 maybe...)
 
riahc3
Old
#8  
riahc3's Avatar
Senior Member - OP
Thanks Meter 132
Posts: 1,274
Join Date: Oct 2009
Quote:
Originally Posted by es0tericcha0s View Post
Hmm. My understanding was that if you don't go to sites that are affected with the issue, then your system can't be exploited. Is that not the case?
The site might not send a certificate with the exploited version but the reply I believe is still exploitable since it sends a heartbeat (replied or not replied but the server, depending on if its disabled or not)

http://security.stackexchange.com/qu...-to-heartbleed
THE HTC DESIRE Z/G2/VISION IS NOT A "4G" PHONE.
Read what is 4G: http://en.wikipedia.org/wiki/4G

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


XDA PORTAL POSTS

Samsung Gear Live Unboxed the XDA Way – XDA Developer TV

XDA Developer TV Producer AdamOutleris known for his XDA Unboxingseries where … more

Make Your Own DIY Capacitive Stylus

The XDA Portal is a place where we like to talkabout things that are interesting, fun, and sometimes … more