The Web has largely fixed itself from the major Heartbleed OpenSSL bug discovered on April 7, 2014. From the reports we’ve seen, few major websites are still vulnerable to the bug, and many of the apps and services we use have been patched as well. Unfortunately, there’s one festering Heartbleed wound that isn’t fixed, and won’t get patched anytime soon. As Google admitted on its own blog, phones and tablets running Android 4.1.1 are vulnerable to Heartbleed bug hack attacks.
We’ve tried but can’t find a good listing of what phones and tablets might be vulnerable, so we decided to make one ourselves. Below you’ll find a near-complete list of devices we think could potentially have the Heartbleed bug. This is based on information from Wikipedia, wireless carrier websites, and all over. We’ll continue to update and fix this list as readers, manufacturers, and carriers respond to our requests for info. We’ve included any devices we believe could possibly have Android 4.1.1 on them. Recent estimates pin the number of vulnerable devices at about 50 million.
Recommended Videos
IF YOUR DEVICE IS LISTED AS VULNERABLE:
- Go to Settings > About phone to see if you’re running version 4.1.1.
- Run the Lookout Mobile Security app
- If you’re vulnerable, check for updates
- If there are no updates, take the phone offline and remove all sensitive information from it
- Avoid browsing the Web, using email, or doing anything serious on the device until a fix is issued. “If you have a vulnerable device and there’s no fix available for you, I would be very cautious about using that device for sensitive data,” Lookout’s Marc Rogers told Ars Technica. “So I would be cautious about using it for banking or sending personal messages.”
Most likely, an attacker might try to lure you into an infected website via email or some other method, trying to use the Hearbleed vulnerability to extract information from Web browser tabs. We recommend you use the Google Chrome browser, if it’s available on your device, and update it. Be sure to download the Lookout Mobile Security app to see if your device is vulnerable.
Android phones that could be vulnerable to Heartbleed (all carriers)
These are phones that span across carriers and countries. It’s not a complete list. We’ve mostly tackled only the big manufacturers. Let us know of omissions by commenting.
| |
Launched With |
Update Available? |
Advice |
| Asus PadFone | Android 4.0 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Asus PadFone 2 | Android 4.1 | Possibly | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| HTC One S | Android 4.0 | Yes, to 4.1.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| HTC One X | Android 4.0 | Yes, to 4.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| HTC One XL | Android 4.0 | Yes, to 4.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| HTC Evo 4G LTE | Android 4.0 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| HTC Desire X | Android 4.0 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| HTC One X+ | Android 4.1 | Possibly | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| LG Optimus L5 | Android 4.0 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| LG Optimus L7 | Android 4.0 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| LG Optimus L7 | Android 4.0 | Yes, to 4.1.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| LG Optimus Vu (LG Intuition) | Android 4.0 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| LG Optimus 4X HD | Android 4.0 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| LG Optimus G | Android 4.0 | Yes, to 4.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Motorola Atrix HD | Android 4.0 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Motorola Droid 4 | Android 2.3 | Yes, to 4.0 (or higher) | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Motorola Droid Razr | Android 2.3 | Yes, to 4.0 (or higher) | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Motorola Droid Razr Maxx | Android 2.3 | Yes, to 4.0 (or higher) | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Motorola Droid Razr I | Android 4.0 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Motorola Droid Razr HD | Android 4.1 | Possibly | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Panasonic Eluga | Android 4.0 | Unlikely | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Samsung Nexus S (Google) | Android 2.3 | Yes, to 4.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Samsung Galaxy Mini 2 | Android 2.3 | Yes, to 4.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Samsung Galaxy Ace Plus | Android 2.3 | Yes, to 4.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Samsung Galaxy Ace 2 | Android 2.3 | Yes, to 4.1.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Samsung Galaxy W (i8150) | Android 2.3 | Yes, to 4.1.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Samsung Galaxy Chat | Android 4.0 | Yes, to 4.1.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Samsung Galaxy Nexus | Android 4.0 | Yes, to 4.3 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Samsung Galaxy S Duo | Android 4.0 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Samsung Galaxy S Advance (i9070) | Android 2.3 | Yes, to 4.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Samsung Galaxy S2 | Android 2.3 | Yes, to 4.1 or 4.2 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Samsung Galaxy S3 (Non-LTE) | Android 4.0 | Yes, to 4.1.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Samsung Galaxy S3 (LTE) | Android 4.1.1 | Yes, to 4.1.2 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Samsung Galaxy Note | Android 2.3 | Yes, to 4.1.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Samsung Galaxy Note 2 | Android 4.1 | Possibly | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Samsung Galaxy S3 Mini | Android 4.1.2 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Sony Xperia Tipo | Android 4.0 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Sony Xperia Miro | Android 4.0 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Sony Xperia E | Android 4.1 | Possibly | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Sony Xperia Go | Android 2.3 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Sony Xperia Sola | Android 2.3 | Yes, to 4.0 (or higher) | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Sony Xperia U | Android 2.3 | Yes, to 4.0 (or higher) | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Sony Xperia P | Android 2.3 | Yes, to 4.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Sony Xperia Ion LTE | Android 2.3 | Yes, to 4.0 (or higher) | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Sony Xperia Acro S | Android 4.0 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Sony Xperia S | Android 2.3 | Yes, to 4.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Sony Xperia SL | Android 4.0 | Yes, to 4.1.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Sony Xperia J | Android 4.0 | Yes, to 4.1.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Sony Xperia V | Android 4.0 | Yes, to 4.1.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Sony Xperia T | Android 4.0 | Yes, to 4.1.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Sony Xperia Z | Android 4.1 | Yes, to 4.2.2 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Sony Xperia ZL | Android 4.1 | Yes, to 4.2.2 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Sony Xperia ZR | Android 4.1 | Yes, to 4.2.2 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Sony Xperia Z Ultra | Android 4.1 | Yes, to 4.2.2 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Sony Xperia SP | Android 4.1 | Yes, to 4.3 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
Android tablets that could be vulnerable to Heartbleed
These are tablets span across carriers and countries. It’s not a complete list. We’ve mostly tackled only the big manufacturers. Let us know of omissions by commenting.
| Launched With | Update available? | Advice | |
| Acer Iconia A700 | Android 4.0 | Yes, to 4.1.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Acer Iconia A110 | Android 4.1 | Possibly | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Asus Transformer Prime (TF201) | Android 4.0 | Yes, to 4.1.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Asus Transformer Pad 300 | Android 4.0 | Yes, to 4.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Asus Transformer Pad Infinity | Android 4.0 | Yes, to 4.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Asus FonePad | Android 4.1 | Possibly | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Cube U30GT 2 | Android 4.1.1 | Yes, to 4.2.2 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| HP Slate 7 | Android 4.1.1 | Yes, to 4.2.2 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Lenovo A2109 | Android 4.0.4 | Yes, to 4.1.1 | DO NOT UPDATE, REMOVE SENSITIVE DATA, AVOID WEB |
| Samsung Galaxy Tab 2 7.0 | Android 4.0 | Yes, to 4.2.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Samsung Galaxy Tab 2 10.1 | Android 4.0 | Yes, to 4.1.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Samsung Galaxy Note 10.1 | Android 4.0 | Yes, to 4.1.2 | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Toshiba Excite 10″ | Android 4.0 | Yes, 4.1.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
AT&T phones on sale now that could be vulnerable to Heartbleed
| |
Launched With |
Update Available? |
Advice |
| Samsung Galaxy S3 Mini | Android 4.1.1 | Yes, Version 4.2 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Samsung Galaxy Note 2 | Android 4.1.1 | Yes, 4.3 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
T-Mobile phones on sale now that could be vulnerable to Heartbleed
|
Launched With |
Update Available? |
Advice |
|
| Samsung Galaxy S3 Mini | Android 4.1.1 | Yes, Version 4.2 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| HTC One S | Android 4.0 | Yes, Version 4.1.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Samsung Galaxy Note 2 | Android 4.1.1 | Yes, Version 4.3 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
Verizon phones on sale now that could be vulnerable to Heartbleed
| Verizon |
Launched with |
Update Available? |
STATUS |
| Samsung Galaxy S3 Mini | Android 4.1.1 | Yes, Version 4.2 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Samsung Galaxy Note 2 | Android 4.1.1 | Yes, Version 4.3 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Kyocera Hydro Elite | Android 4.1 | Not that we know of | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| LG Enact | Android 4.1.2 | Not that we know of | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Casio G’zOne Commando | Android 4.1.2 | Not that we know of | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Droid Razr M | Android 4.1 | Not that we know of | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| LG Spectrum (Used) | Android 2.3 | No | NOT VULNERABLE, BUT YOU NEED A NEW PHONE |
| LG Revolution (Used) | Android 2.2 | No | NOT VULNERABLE, BUT YOU NEED A NEW PHONE |
Sprint phones on sale now that could be vulnerable to Heartbleed
| |
Launched with |
Update Available? |
Advice |
| Samsung Galaxy S3 Mini | Android 4.1.1 | Yes, Version 4.2 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Samsung Galaxy Note 2 | Android 4.1 | 4.4.2 in late April | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Samsung Galaxy S3 | Android 4.1 | Yes, Version 4.3 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Motorola Photon Q | Android 4.1 | Yes, Version 4.3 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| LG Viper (new and used) | Android 4.0 | Possibly | NOT VULNERABLE (PROBABLY), CHECK VERSION |
| Kyocera Hydro Edge | Android 4.1 | Not that we know of | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| HTC EVO | Android 4.1 | Yes, Version 4.3 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Kyocera Torque | Android 4.1 | Yes, Version 4.1.2 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Samsung Replenish (Used) | Android 2.2 | No | NOT VULNERABLE, BUT YOU NEED A NEW PHONE |
| Samsung Epic 4G (Used) | Android 2.3 | No | NOT VULNERABLE, BUT YOU NEED A NEW PHONE |
| Nexus S 4G | Android 4.0 | Yes, Version 4.1 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
U.S. Cellular phones on sale now that could be vulnerable to Heartbleed
| |
Launched with |
Update Available? |
Advice |
| Samsung Galaxy S3 Mini | Android 4.1.1 | Yes, Version 4.2 | DANGER! IF RUNNING 4.1.1, REMOVE SENSITIVE DATA, AVOID WEB |
| Huawei Ascend Y300 | Android 4.1.1 | No | DANGER! REMOVE SENSITIVE DATA, AVOID WEB |
Before you begin, please read our How to Protect Your Device from Heartbleed Guide. It will explain more about the Heartbleed bug. We also have a robust list of Websites Affected by Heartbleed, Apps Affected by Heartbleed, and Video Game Services Affected by Heartbleed.
If you have suggestions, please help us update this list. If you know someone who owns one of these affected phones, help them out and inform them.
