When the Heartbleed bug was revealed in early April, most computer users scrambled to protect their sensitive information from falling into the wrong hands. Users changed passwords, signed up for two-factor authentication and updated their security patches and operating systems to ensure that they wouldn’t fall victim to hackers exploiting the bug.
Concerned About Heartbleed?
What many experts point out, though, is that the vast majority of users focused only on securing their PCS, and did not consider the vulnerabilities to mobile devices operating on certain Android platforms. (Heartbleed does not affect Apple products on the iOS platform.) More specifically, Android devices that use version 4.1.1 are still vulnerable to the bug, meaning that any sensitive information you share on your phone or tablet could be stolen by hackers.
Are You Vulnerable?
Before you panic and consider your Android a dangerous device, it is important to point out is that not all Android devices are vulnerable to Heartbleed, and that you can employ Android security measures to better protect your information going forward.
The first step is to determine whether your device could possibly fall victim to Heartbleed. Google estimates that about 34 percent of the Android devices in use today — about 300 million phones and tablets — could have been exposed to the bug. To help you assess your risk, the Google Play store is offering a free app that will tell you whether the bug affects the version of Open SSL on your device, whether or not it’s been launched on your device and whether or not you need to take further action.
If your device is safe from the bug, you only need to protect it going forward. If it’s vulnerable, you need to take a few steps to protect your information now.
Keeping Your Mobile Data Safe:
Again, panicking is not the solution if it turns out you have a vulnerable Android device. That doesn’t mean that a hacker has your bank log-in information or that your friends will suddenly start receiving spam supposedly from your email address.
However, you do need to take precautions to prevent that from happening. To that end:
Step1: Stop using your phone to send sensitive information. Do not log in to your bank, your credit card or corporate networks until you are sure your have secured your phone.
Step 2: Check for updates. On most devices, you can find them in the Settings menu. If updates are available, install them.
Step 3: Compare your installed apps to a list of affected apps. Some experts suggest that the bug affects two-thirds of all websites, and even if you are using a mobile app, your information could be stolen. Although most of the affected sites have patched their vulnerability, you should still protect your information and accounts by changing passwords on affected apps.
Step 4: Log out of the affected apps, and then log back in. Doing so will create new security tokens for your device, which should close the security gap.
Step 5: Change your passwords. Even if you reduce your vulnerability to the bug, if a hacker already has your log-in information and you do not change it, you could experience data loss. When changing your passwords, follow best practices: Develop a code of eight characters or more; combination of letters, numbers and symbols and avoid dictionary words.
Step 6: Employ two-factor authentication. Most major online services offer two-factor authentication now, and using it can keep your accounts safe even if your password has been compromised. Most services require you to enter a one-time use code each time you log in; the code is sent via text message, so therefore you would need to have your phone with you in order to log in to your account, satisfying the “something you have” requirement of two-factor authentication. It’s not always convenient, but it does keep your information safe.
To fully protect your accounts and keep your data safe, you’ll have to run through this six step process for every Android device you use.
And once you protect your Android device against Heartbleed, be sure to follow best practices to ensure mobile security going forward. Be cautious when connecting to public Wi-fi networks, use antivirus products designed to protect against infections from rogue apps and be aware of common phishing schemes that are designed to steal data from unsuspecting users. Be a smart user, and you won’t face the headaches and costs that come from stolen information.