How to protect your phone or tablet from the Heartbleed OpenSSL bug

hacking team tools government hack smartphones heartbleed phone smartphone mobile v2

The Heartbleed bug is bad and affects a huge portion of all websites — as much as 66 percent of all sites around the world, according to some reports — and it’s plunged the Internet into disarray. Unfortunately, your smartphone isn’t safe either. 

Please read our List of Android, iOS, and Windows apps affected by the Heartbleed OpenSSL bug. It will explain more about the Heartbleed bug. We also have a robust list of Websites Affected by Heartbleed and Video Game Services Affected by Heartbleed.

What is the Heartbleed bug?

It’s an OpenSSL vulnerability. OpenSSL is a security protocol that encrypts communications between your computer (or device) and a Web server. As the BBC put it, it’s sort of a “secret handshake at the beginning of a secure conversation.”

Most websites, many operating systems, and many apps use OpenSSL. It’s everywhere, and one version of it has a critical bug that lets hackers exploit a function known as the “heartbeat option,” which lets a computer (like yours) send a message to an Internet server to make sure they are still connected — think a tap on the shoulder to see if your buddy is still awake. This bug lets attackers send fake heartbeat messages to trick the server into sending back sensitive data like passwords and credit card numbers. Again, it’s very bad.

There are no known mobile attacks yet

The extent of the damage is still not clear, but Digital Trends has learned that the bug can be exploited on mobile devices, though the risks aren’t as great as they are on a desktop computer browsing the Web.

Mobile security company Lookout downplayed the risks, saying: “The good news is that we have yet to see any attacks targeting a mobile device, and while this is a credible risk, the likelihood of you encountering an exploit is low.”

Which operating systems are affected:

How to check if your Android phone is vulnerable

Lookout Heartbleed Bug detectorAccording to Google, about 34 percent of all Android devices still run Android 4.1.x, meaning more than 300 million phones and tablets could be vulnerable to this bug. Lookout has released an Android app to check if your mobile device has been compromised. You can download Heartbleed detector from the Google Play Store now.    

If your phone is vulnerable and the heartbeat option is enabled, there’s nothing you can do except check for updates. Go into Settings > About phone > System updates on most devices. Some devices will have Updates in another area of the Settings menu.

Log out of affected apps, then log back in

We’re compiling a list of affected apps now, but for now we have a temporary fix, and it’s very straightforward.

If you’re worried that an app on your phone or tablet is vulnerable (if it’s on a list, or its website counterpart is listed) log out of the app, wait a few minutes, then log back in. Mobile devices use security tokens, which act as an electronic key to provide you with continuous access to your apps. If you log out, the security tokens will be replaced with new ones, which, in theory, should keep you safe from the bug — according to Tom’s Guide, anyway. You’ll want to do this once a service has been fixed as well.

Should you change your passwords now?

At present there are two contrasting theories for dealing with the problem. The first one advises you to change all your passwords now, and maybe also find a new name for your first pet. If you want to know if the website you use is affected, you can take the Heartbleed Test here. We reached out to Avast!, the popular antivirus company, and it provided us with three recommendations for your new password:

A guide to your next password: 

  1. Use a random collection of letters (uppercase and lowercase), numbers and symbols
  2.  Make it 8 characters or longer
  3.  Create a unique password for every account  

The second school of thought is to not change your passwords, at least for now. The justification for this is that the websites you visit may already be vulnerable to the bug. If you access these sites before they put out a patch, new passwords won’t help. You’ll still be exposed to the bug.

Begin using two-step authentication where possible

Two-step authentication is available on some services like Google, Facebook, Yahoo, Microsoft, and Dropbox. It’s a pain and you’ll hate using it, but it would protect you in this instance. Two-step authentication forces you  to enter a code on your phone every time you log into a service from a new device. This means that hackers would need your actual phone to log into services.

This sucks, we agree

The worst part about this whole mess is that we, as users, are powerless. We didn’t cause the bug with crappy passwords. It’s a small problem in a line of open-source code that the whole Net uses. For now, take comfort in the fact that everyone’s as powerless as you are.

“We, as end users, simply can’t do anything, but make sure we are as secure as possible,” Jiri Setjko, Director of Avast! virus labs, told Digital Trends.

(Williams Pelegrin and Christian Bautista also contributed heavily to this report.) 

Wearables

Swatch and Mastercard team up for on-the-wrist, on-the-go mobile payments

Swatch has announced its Swatchpay technology is now available in Switzerland, enabling mobile payments from your Swatch watch. It works in a similar way to Apple Pay and Google Pay. Here's everything about it.
Smart Home

The best smart locks turn your phone into a key

A good smart lock should offer a combination of security and convenience. Fortunately, these devices keep your home protected, your family safe, and your belongings secure from possible intruders.
Mobile

Turn to these apps to help you in your next hunt for a job

Looking for a job can be a stressful experience, but these days, a simple mobile app can help you to find and apply for jobs all over the country -- here are some of the best job search apps for iOS and Android.
Home Theater

These awesome A/V receivers will swarm you with surround sound at any budget

There is no one-size-fits-all approach to shopping for a receiver, so we assembled our favorites for 2018, at multiple price points and all loaded with features, from Dolby Atmos to 4K HDR, and much more.
Deals

Looking to upgrade? These are the best iPhone deals for January 2019

Apple devices can get expensive, but if you just can't live without iOS, don't despair: We've curated an up-to-date list of all of the absolute best iPhone deals available for January 2019.
Mobile

Sony is showing something off at MWC -- will it be the Xperia XZ4?

Sony may have released the Xperia XZ3 in the past few months, but already it's preparing to release a follow-up, the Xperia XZ4. We're learning plenty about the phone now some details have started to leak out, and it's getting exciting.
Mobile

Do these Geekbench results accurately represent the Moto G7?

The Moto G6 range is still relatively new to the market, but rumors have already started about the Moto G7, which is expected some time in 2019. Apparently, a G7 Power version will be joining the G7, G7 Play, and G7 Plus.
Home Theater

Set your ears free with the best completely wireless earbuds

If you can't stand the tangle of cords, or you're just excited about completely wireless earbuds, you're going to need some help separating the wheat from the chaff. Our list serves up the best true wireless earbuds around.
Mobile

Is this the first image of a Galaxy S10 being used in real life?

It won't be long now; With 2019 underway, the Samsung Galaxy S10 is almost here. Before it arrives, here's absolutely everything you need to know about all three of Samsung's next flagships.
Wearables

Omron HeartGuide brings blood pressure monitoring to your wrist

High blood pressure leads to heart attacks, strokes, and many other health problems, so it's important to keep an eye on. Omron's HeartGuide is a fitness tracking watch that can also monitor your blood pressure from your wrist.
Business

Google is buying mysterious smartwatch tech from The Fossil Group for $40 million

Google is about to step up its smartwatch game. The company has agreed to buy an unnamed smartwatch technology from The Fossil Group for a hefty $40 million. Considering the acquisition, it's clear Google is serious about smartwatches.
Mobile

Learn how to play YouTube in the background on iOS and Android

We show you how to play YouTube in the background with apps such as Opera, Chrome, and Firefox -- along with the premium offerings like YouTube Premium -- whether you have an Android or iOS device.
Mobile

Android vs. iOS: Which smartphone platform is the best?

If you’re trying to choose a new phone and you’re not sure about the merits and pitfalls of the leading smartphone operating systems, then come on in for a detailed breakdown as we pit Android vs. iOS in various categories.
Mobile

Verizon’s deal could get you a free iPhone XR — but there’s some fine print

Verizon launched a new deal for its smartphones aimed at encouraging customers to open a new line. If you're willing and you want two new phones, you could get a free Samsung Galaxy S9, iPhone XR, or Pixel 3.