How to protect your phone or tablet from the Heartbleed OpenSSL bug

hacking team tools government hack smartphones heartbleed phone smartphone mobile v2

The Heartbleed bug is bad and affects a huge portion of all websites — as much as 66 percent of all sites around the world, according to some reports — and it’s plunged the Internet into disarray. Unfortunately, your smartphone isn’t safe either. 

Please read our List of Android, iOS, and Windows apps affected by the Heartbleed OpenSSL bug. It will explain more about the Heartbleed bug. We also have a robust list of Websites Affected by Heartbleed and Video Game Services Affected by Heartbleed.

What is the Heartbleed bug?

It’s an OpenSSL vulnerability. OpenSSL is a security protocol that encrypts communications between your computer (or device) and a Web server. As the BBC put it, it’s sort of a “secret handshake at the beginning of a secure conversation.”

Most websites, many operating systems, and many apps use OpenSSL. It’s everywhere, and one version of it has a critical bug that lets hackers exploit a function known as the “heartbeat option,” which lets a computer (like yours) send a message to an Internet server to make sure they are still connected — think a tap on the shoulder to see if your buddy is still awake. This bug lets attackers send fake heartbeat messages to trick the server into sending back sensitive data like passwords and credit card numbers. Again, it’s very bad.

There are no known mobile attacks yet

The extent of the damage is still not clear, but Digital Trends has learned that the bug can be exploited on mobile devices, though the risks aren’t as great as they are on a desktop computer browsing the Web.

Mobile security company Lookout downplayed the risks, saying: “The good news is that we have yet to see any attacks targeting a mobile device, and while this is a credible risk, the likelihood of you encountering an exploit is low.”

Which operating systems are affected:

How to check if your Android phone is vulnerable

Lookout Heartbleed Bug detectorAccording to Google, about 34 percent of all Android devices still run Android 4.1.x, meaning more than 300 million phones and tablets could be vulnerable to this bug. Lookout has released an Android app to check if your mobile device has been compromised. You can download Heartbleed detector from the Google Play Store now.    

If your phone is vulnerable and the heartbeat option is enabled, there’s nothing you can do except check for updates. Go into Settings > About phone > System updates on most devices. Some devices will have Updates in another area of the Settings menu.

Log out of affected apps, then log back in

We’re compiling a list of affected apps now, but for now we have a temporary fix, and it’s very straightforward.

If you’re worried that an app on your phone or tablet is vulnerable (if it’s on a list, or its website counterpart is listed) log out of the app, wait a few minutes, then log back in. Mobile devices use security tokens, which act as an electronic key to provide you with continuous access to your apps. If you log out, the security tokens will be replaced with new ones, which, in theory, should keep you safe from the bug — according to Tom’s Guide, anyway. You’ll want to do this once a service has been fixed as well.

Should you change your passwords now?

At present there are two contrasting theories for dealing with the problem. The first one advises you to change all your passwords now, and maybe also find a new name for your first pet. If you want to know if the website you use is affected, you can take the Heartbleed Test here. We reached out to Avast!, the popular antivirus company, and it provided us with three recommendations for your new password:

A guide to your next password: 

  1. Use a random collection of letters (uppercase and lowercase), numbers and symbols
  2.  Make it 8 characters or longer
  3.  Create a unique password for every account  

The second school of thought is to not change your passwords, at least for now. The justification for this is that the websites you visit may already be vulnerable to the bug. If you access these sites before they put out a patch, new passwords won’t help. You’ll still be exposed to the bug.

Begin using two-step authentication where possible

Two-step authentication is available on some services like Google, Facebook, Yahoo, Microsoft, and Dropbox. It’s a pain and you’ll hate using it, but it would protect you in this instance. Two-step authentication forces you  to enter a code on your phone every time you log into a service from a new device. This means that hackers would need your actual phone to log into services.

This sucks, we agree

The worst part about this whole mess is that we, as users, are powerless. We didn’t cause the bug with crappy passwords. It’s a small problem in a line of open-source code that the whole Net uses. For now, take comfort in the fact that everyone’s as powerless as you are.

“We, as end users, simply can’t do anything, but make sure we are as secure as possible,” Jiri Setjko, Director of Avast! virus labs, told Digital Trends.

(Williams Pelegrin and Christian Bautista also contributed heavily to this report.) 

Social Media

A Facebook, Instagram bug exposed millions of passwords to its employees

Facebook, Facebook Lite, and Instagram passwords weren't properly encrypted and could be viewed by employees, the company said Thursday. The network estimates millions of users were affected.
Mobile

Apple's iOS 12.2 brings support for Apple News Plus and new AirPlay 2 features

After months of betas, the final version of iOS 12 is here to download. The latest OS comes along with tons of new capabilities, from grouped notifications to Siri Shortcuts. Here are all the features you'll find in iOS 12.
Smart Home

The best smart locks to increase your home security in 2019

A good smart lock should offer a combination of security and convenience. Fortunately, these devices keep your home protected, your family safe, and your belongings secure from possible intruders.
Photography

Looking to keep prying eyes at bay? Here's how to hide photos on your iPhone

People take tons of photos using their smartphones, but not all are meant to be shared or seen. Luckily, hiding photos on your iOS device is easy, whether you want to use built-in utilities or apps with added security.
Mobile

Scientists wreck a smartphone in a blender, but not just for fun

It’s oddly mesmerizing to watch a smartphone get torn apart inside a blender. Researchers recently did just that in a bid to find out which materials make up a handset, and also to encourage people to think more about recycling.
Movies & TV

Apple’s next big event is minutes away: Here’s what you can expect

Apple's next big event takes place on March 25 in Cupertino, California. The company is expected to make several announcements related to its services, including Apple TV, so follow our guide to get ready for the big event.
Wearables

This $76,000 Grand Seiko watch has something in common with a plug-in hybrid car

How can a watch that costs $76,000 possibly have anything in a common with any car, let alone a plug-in hybrid? It's all about the complex, technically incredible Spring Drive movement inside this Grand Seiko watch.
Deals

The excellent Apple iPad gets even deeper price cuts on Amazon

The humble iPad from 2018 is still one of the best tablets around -- and a solid choice for most people. Amazon has seen some great price drops for these tablets recently, and now you can own an iPad for even less than before.
Mobile

More than a screenshot: How to record the screen on an Android device

If you've ever want to record video of your Android screen, there are plenty of apps that can help. Here's an easy guide on how to record the screen on an Android device with the right settings and apps.
Apple

Apple March 2019 Event Coverage

Apple’s next event will take place March 25 at the Steve Jobs Theater in Cupertino, California at 10 a.m. PT. We’ve got a handy guide on how to watch, but don’t expect to see any new iPads, iMacs, or AirPods at the show, all of…
Product Review

Want to see how powerful the Snapdragon 855 chip is? Just rev up the Xiaomi Mi 9

How fast do you want to go? If the answer to this is “as fast as possible,” then take a long look at the Xiaomi Mi 9. It’s one of the highest performance smartphones you can buy. It’s a real monster, and we’ve been using it.
Mobile

Apple Card is a credit card you can sign up for and start using with your iPhone

Apple is getting into the credit card business. Apple Card is a credit card you can sign up for directly on your iPhone, and it doesn't have fees. There's a lower interest rate and you can even get Daily Cash from all purchases.
Gaming

Apple Arcade might be the new game subscription service worth signing up for

Apple Arcade will launch this fall bringing a new game-subscription service with cross-platform support for iOS, Mac, and Apple TV. At launch, the service will feature more than 100 exclusive games, with more added to the service regularly.
Mobile

Check out 22 of the best iPhone 7 cases and covers for your shiny new phone

The iPhone 7 might be attractive, but it’s not rugged. To keep your device in pristine condition, you really need to think about proper protection. That's why we've rounded up some of the best iPhone 7 cases and covers available.