[Q] HeartBleed 4.2.2 on Htc one x + At&T stock

tyelrx · Apr 13, 2014

Call me crazy, I have HTC one x + (At&T) running android 4.2.2. (STOCK VERSION, updated from 4.1.1 that came out a few months ago...also locked bootloader and an unrooted device).

I've read multiple articles saying the openSSL bug should not affect my phone. However ever security app I download to test for the bug says I have open SSL version 1.0.1c and the behavior is enabled. Now, i understand that android apps can be packaged with their own version of OpenSSL, but I'm not checking the apps. Lockout app & Blue Box both save I have the bug & it's enabled system wide. Annoyed with HTC customer support because they keep saying i don't have it. Perhaps I'm missing something, but why do multiple secruity apps say I'm vulnerable. Any suggestions would help.

thanks all

panpjp · Apr 13, 2014

Your statement isn't quite clear, but I think the 1.0.1c version IS affected by Heartbleed.

Sent from my One X+ using xda app-developers app

tyelrx · Apr 13, 2014

thanks panpjp

Sorry for the confusion

My Phone Information:
HTC ONE X + (AT&T)
OS: Android 4.2.2
STOCK/UNROOTED DEVICE
OpenSSL 1.0.1c - heartbreed enabled

So, i guess I'm wondering if anyone else with my device is seeing the same issue. I thought google confirmed 4.2.2 was not affected by the bug.

thanks

panpjp said:
Your statement isn't quite clear, but I think the 1.0.1c version IS affected by Heartbleed.

Sent from my One X+ using xda app-developers app

Thyg0d · Apr 14, 2014

tyelrx said:
thanks panpjp

Sorry for the confusion

My Phone Information:
HTC ONE X + (AT&T)
OS: Android 4.2.2
STOCK/UNROOTED DEVICE
OpenSSL 1.0.1c - heartbreed enabled

So, i guess I'm wondering if anyone else with my device is seeing the same issue. I thought google confirmed 4.2.2 was not affected by the bug.

thanks

I can only confirm what you're saying..
Got a HTC One x as well.. Stock and all and I get the same response from those apps..

moosic · Apr 15, 2014

Thyg0d said:
I can only confirm what you're saying..
Got a HTC One x as well.. Stock and all and I get the same response from those apps..

Same with my stock htc one x.

Thyg0d · Apr 15, 2014

Spoke to the Swedish HTC support today and their response was that no updates to fix this was currently scheduled so in short:
"Don't use our phone if you care about your passwords being leaked" as I understood it..

tyelrx · Apr 16, 2014

I got the same response from htc, they kept saying I was on 4.1.1 and privacy matters. Didn't even listen to me. Hope they fix this...was gonna buy a new phone in a few months. Not sure if HTC will be my first choice unless they can change my mind.

Thyg0d said:
Spoke to the Swedish HTC support today and their response was that no updates to fix this was currently scheduled so in short:
"Don't use our phone if you care about your passwords being leaked" as I understood it..

Thyg0d · Apr 16, 2014

tyelrx said:
I got the same response from htc, they kept saying I was on 4.1.1 and privacy matters. Didn't even listen to me. Hope they fix this...was gonna buy a new phone in a few months. Not sure if HTC will be my first choice unless they can change my mind.

Okay.. even worse than our support then.. :-o
Always a great way to loose customers..

I've used HTC since Hero but now I'm jumping ship..
the HOX has been nothing but problem for me and it's been serviced 4 times for all kind of issues..
Wifi/BT being one of them..
Going for a sony Z2 now, IF sony can deliver them any time soon.. Like this year at least..

jizang · Apr 16, 2014

Can i trust the app heartbleed detector. This is what it says with my phone

Sent from my One X+ using XDA Premium 4 mobile app

Thyg0d · Apr 17, 2014

jizang said:
Can i trust the app heartbleed detector. This is what it says with my phone

Sent from my One X+ using XDA Premium 4 mobile app

You should since it's not hard do detect when you know what to look for.. .. Didn't expect any difference between One X and One X+ though..

oziboy · Apr 18, 2014

ok i downloaded the updated openssl from openssl.org
gonna try to install manually, ill post if it worked and how i did it...
edit: false alarm, i need to compile it myself but im no dev :d

jizang · Apr 20, 2014

After installing arhd 8.0 this app started to say that the vulnerable behavior is activated. What can I do?

Sent from my HTC One X+ using XDA Premium 4 mobile app

oziboy · Apr 20, 2014

jizang said:
After installing arhd 8.0 this app started to say that the vulnerable behavior is activated. What can I do?

Sent from my HTC One X+ using XDA Premium 4 mobile app

simply nothing -_-
we should get htc over to give us an update with the bug fixed, no matter if we get a new version of android the bug has to be fixed
i can't reach htc support somehow -_-
well there has to be something
right now im trying to put the kitkat openssl version to jellybean to see if it works :d :fingerscrossed:

/\/\ · Apr 20, 2014

I read somewhere (android community?) that HTC is thinking about updating the ssl library in all phones.

frankoid · Apr 23, 2014

http://www.slashgear.com/htc-plans-heartbleed-fix-over-top-legacy-android-risk-18325774/

oziboy · Jun 17, 2014

Old topic, i know but yet to know, the only way i found to fix heartbleed is to upgrade to android kitkat.
I am using mokee rom at 4.4.3 kitkat latest stable and it has openssl 1.0.1e which is vulnerable but heartbeats disabled... So its safe

Verzonden vanaf mijn iPad met behulp van Tapatalk

frankoid · Jun 17, 2014

There is an official update for the International One X+ which fixes the heartbleed vulnerability. I'm not sure whether an official fix for the AT&T version has been released yet though.

[Q] HeartBleed 4.2.2 on Htc one x + At&T stock

Member

Senior Member

Member

Member

Senior Member

Member

Member

Member

Senior Member

Attachments

Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Similar threads

Top Liked Posts