Long-term effects of the Heartbleed security bug are beginning to show themselves. A newly discovered vulnerability leaves Android and wireless routers open to attack.
Portuguese security researcher Luis Grangeia discovered the issue, which allows an attacker to pull data from a device’s memory over Wi-Fi. Named “Cupid,” the attack can expose passwords, certificates and private SSL keys.
Since the attack requires the use of a compromised wireless router, possible attacks are limited to the range of the router. This means attacks using this method will have much less of a reach than the original Heartbleed bug.
Grangeia says Android devices running version 4.1.1 (a version of “Jellybean”) are vulnerable. Attackers can steal data from Android devices with Wi-Fi enabled by offering up an open access point for devices to connect to.
It’s too early to panic about this type of attack, but you can take steps to prevent it. Make sure your Android device is running the latest operating system, secure your router with a strong password, and make sure its firmware is up to date.
Since Open SSL (the security protocol exploited by Heartbleed) is so widely used, we’ll likely see more attacks like this pop up in the future. For more information about Heartbleed, check out all our articles about it right here.
Source: GitHub | Luis Grangeia (Slideshare)
Via: The Verge
Follow Lewis on Twitter @lewisleong
