Heartbleed bug could target Android phones and wireless routers

Heartbleed has a new wireless-based attack vector, according to security expert's findings

Android phones and wireless routers accessible via Wi-Fi might be at risk from attackers utilising a new form of the Heartbleed bug, it has been revealed.

The security world is still feeling the effects of Heartbleed seven weeks after its discovery lead to websites scrambling to protect their data.

Security expert Luis Grangeia, a partner and security services manager at SysValue, has apparently found a vector through which the bug can attack wireless devices and Android phones.

Advertisement - Article continues below

Dubbed "Cupid", the new attack line would perform the same procedure as the original Heartbleed bug except over wireless connections instead of the open web.

It's unclear how many devices may be vulnerable but the spread will probably be more contained than the original, according to Grangeia. EAP-based routers are the most vulnerable to Cupid as they need both an individual login and password, which an attacker would be able to pull from the router or server.

"The attack occurs before login, specifically on the authentication stage, so no credentials are needed to perform it," said Grangeia.

Android devices that are still running the 4.1.1 version of Jelly Bean are also particularly vulnerable through their wireless connectivity. An attacker could open up a connection to the device via the infected network and lift as much information as they want from the victim's phone.

Advertisement
Advertisement - Article continues below

Millions of Android devices still use the 4.1.1 version of Jelly Bean, despite an update being released in the wake of the original Heartbleed discovery. Mac OSX and iOS might also be at risk to Cupid, added Grangeia, who urged administrators to "test everything".

Most modern systems will have by now upgraded to a Heartbleed-proof version of OpenSSL by now, but no matter how thoroughly the security world tries, there will more than likely be more vulnerabilities in the future.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement

Recommended

Visit/security/ethical-hacking/356252/poorly-secured-banking-apps-lead-to-cyber-threats
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020
Visit/security/malware/356231/most-malware-came-through-https-connections-in-q1-2020
malware

Most malware came through HTTPS connections in Q1 2020

25 Jun 2020
Visit/security/phishing/356211/phishing-attacks-target-unsuspecting-wells-fargo-customers
phishing

Phishing attacks target unsuspecting Wells Fargo customers

24 Jun 2020
Visit/security/hacking/356210/trump-administration-wants-to-enhance-the-security-of-gov-sites
hacking

Trump administration wants to enhance the security of .gov sites

24 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/security/vulnerability/356295/microsoft-patches-high-risk-flaws-that-can-be-exploited-with-a
vulnerability

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020
Visit/business/policy-legislation/356256/uk-invested-about-ps500m-in-wrong-gps-satellites
Policy & legislation

UK gov buys "wrong" satellites in £500m blunder

29 Jun 2020