Heartbleed bug could target Android phones and wireless routers

Heartbleed has a new wireless-based attack vector, according to a security expert's findings

Android phones and wireless routers accessible via Wi-Fi might be at risk from attackers utilising a new form of the Heartbleed bug, it has been revealed.

The security world is still feeling the effects of Heartbleed seven weeks after its discovery led to websites scrambling to protect their data.

Security expert Luis Grangeia, a partner and security services manager at SysValue, has apparently found a vector through which the bug can attack wireless devices and Android phones.

Dubbed "Cupid", the new attack line would perform the same procedure as the original Heartbleed bug except over wireless connections instead of the open web.


It's unclear how many devices may be vulnerable but the spread will probably be more contained than the original, according to Grangeia. EAP-based routers are the most vulnerable to Cupid as they need both an individual login and password, which an attacker would be able to pull from the router or server.

"The attack occurs before login, specifically on the authentication stage, so no credentials are needed to perform it," said Grangeia.

Android devices that are still running the 4.1.1 version of Jelly Bean are also particularly vulnerable through their wireless connectivity. An attacker could open up a connection to the device via the infected network and lift as much information as they want from the victim's phone.

Millions of Android devices still use the 4.1.1 version of Jelly Bean, despite an update being released in the wake of the original Heartbleed discovery. Mac OS X and iOS might also be at risk from Cupid, added Grangeia, who urged administrators to "test everything".

Most modern systems will have upgraded to a Heartbleed-proof version of OpenSSL by now, but no matter how thoroughly the security world tries, there will more than likely be more vulnerabilities in the future.
