Save your Android Device from Heartbleed by BetaGlide

  • 525 views
Uploaded on

Researchers have uncovered an extremely critical vulnerability in recent versions of OpenSSL, a technology that allows millions of Web sites to encrypt communications with visitors. Complicating …

Researchers have uncovered an extremely critical vulnerability in recent versions of OpenSSL, a technology that allows millions of Web sites to encrypt communications with visitors. Complicating matters further is the release of a simple exploit that can be used to steal usernames and passwords from vulnerable sites, as well as private keys that sites use to encrypt and decrypt sensitive data.

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
525
On Slideshare
0
From Embeds
0
Number of Embeds
3

Actions

Shares
Downloads
10
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Smartly retain and engage mobile app users www.betaglide.com Save  your  android  device  from  Heartbleed  
  • 2. Smartly retain and engage mobile app users www.betaglide.com What  is  Heartbleed?   Heartbleed  is  a  security  bug  in  the  open-­‐source  OpenSSL  cryptography   library,  widely  used  to  implement  the  Internet's  Transport  Layer  Security   (TLS)  protocol     It  has  the  ability  to  extract  massive  amount  of  data  from  the  services  that   we  use  every  day  and  assume  are  mostly  secure     It  exposes  data  held  in  a  server’s  RAM,  meaning  just  about  anyone  has   access  to,  and  can  snoop  on  Internet  traffic,  even  when  it’s  supposedly   encrypted    
  • 3. Smartly retain and engage mobile app users www.betaglide.com Is  Heartbleed  a  problem?   More  than  two-­‐thirds  of  websites  and  services  on  the  internet  use   OpenSSL     Heartbleed  is  not  malware  or  a  virus.  A  site  affected  by  Heartbleed  may   not  necessarily  have  had  any  data  stolen.  And  it’s  been  around,   undetected,  since  2012     All  forms  of  personal  encrypted  informaNon  (Passwords,  emails,  user   names,  communicaNon  etc.)  are  vulnerable  to  Heartbleed     YES!  It  is  a  problem      
  • 4. Smartly retain and engage mobile app users www.betaglide.com Is  my  Android  Device  affected?     Android  devices  running  Android  4.1.1  Jelly  Bean  are  vulnerable  to   Heartbleed     34.4%  of  Android  devices  are  running  Android  Jelly  Bean,  Google  doesn't   break  out  how  what  percentage  of  users  are  on  its  various  versions  —   4.1.1  and  4.1.2    
  • 5. Smartly retain and engage mobile app users www.betaglide.com Some  of  the  affected  devices   HTC  One  S  
  • 6. Smartly retain and engage mobile app users www.betaglide.com Some  of  the  affected  devices   HTC  One  X  
  • 7. Smartly retain and engage mobile app users www.betaglide.com Some  of  the  affected  devices   HTC  Evo  
  • 8. Smartly retain and engage mobile app users www.betaglide.com Some  of  the  affected  devices   Motorola   Atrix  HD  
  • 9. Smartly retain and engage mobile app users www.betaglide.com Is  there  a  soluDon?   Google  said  patching  informaNon  is  being  distributed  to  its  Android   partners     However,  due  to  fragmentaNon  it  will  take  some  Nme  reach  the  user     People  using  the  old  Android  so[ware  should  update  their  operaNng   system.  If  there  are  no  updates  available,  they  should  contact  their   smartphone’s  manufacturer  to  see  if  that  device  is  now  safe  to  use     People  using  Android  version  4.1.1  should  avoid  sensiNve  transacNons  on   their  mobile  devices      
  • 10. Smartly retain and engage mobile app users www.betaglide.com How  to  know  more  details?   Lookout  has  released  a  free  app  that  lets  Android  users  see  if  they  are   running  a  vulnerable  version  of  the  so[ware  on  their  phone    
  • 11. Smartly retain and engage mobile app users www.betaglide.com How  to  check  a  website?   Filippo  Heartbleed  Test       This  Heartbleed  test  sends  out   malformed  heartbeats  to  the  website   of  your  choice,  extracNng  around  80   bytes  of  memory  as  proof.  In  other   words,  the  test  a]acks  the  site  much   like  a  hacker  would,  to  test  whether   the  site  is  vulnerable  to  Heartbleed.      
  • 12. LastPass  Heartbleed  Checker     The  LastPass  team  has  also  put  up  a   tool  for  you  to  check  for  affected   sites.  All  you  have  to  do  is  to  type  in   the  domain  of  the  website  you   want  to  check  and  then  click  on  See   if  the  site  is  vulnerable  to   Heartbleed.       Smartly retain and engage mobile app users www.betaglide.com How  to  check  a  website?  
  • 13. Smartly retain and engage mobile app users www.betaglide.com About  BetaGlide   BetaGlide  detects  issues  related  to  device  fragmentaNon  and  helps  increase   engagement  and  reach  business  goals.  BetaGlide  is  the  fastest  and  the  most   intelligent  way  to  know  your  customers,  their  issues  and  reach  out  to  them.       IntegraNng  BetaGlide  takes  less  than  2  minutes.      Increase  engagement,  higher  raNngs  and  more  downloads  with  BetaGlide.