With advancement of Information Security and Encryption technologies we started feeling sense of relief as highly sophisticated technology are backing us and preventing illegitimate access also protecting us in the wild and open world of Internet. But what if the application we trust the most and rely on to provide security; itself has underlying bug that can be easily expose all our confidential information and transaction over the Internet.
This was the story that happened with OpenSSL, the application that millions users use for establishing and maintaining secure connection over unreliable WWW. With this bug attacker can steal up to payload of 64K data which consists of session ids, username and passwords of current transacting users via OpenSSL.
Heartbleed was the mechanism design to keep the session alive between two transacting parties but this opened loop hole to gain credentials if presented with different data payloads. With the help of this bug hackers can read everything from your back username & passwords, emails, any important official confidential conversation so it is our first priority to safeguard our self from this heart aching bug.Here in this article we will give you guidelines to protect your android devices from Heartbleed vulnerability and how to surf safe. So here’s the list:
- Change all your existing credentials: As soon as this vulnerability was exposed the first response from the security researchers was to ask every user to change their existing credentials, so that if hackers have already compromised your passwords, then they have to reattempt to gain your new credentials. So this applies to android users also, all your credentials must be changed with more complex set of passwords.
- Download OpenSSLDetector/HeartBleed Scanner: All these detector or scanners embedded functionality is to scan your device for the vulnerable OpenSSL version and warn you if you’re using the same. Android device is vulnerable if you have version 4.1.x. But, google immediately provided patch for Heartbleed as soon as this vulnerability surfaced up so all you need is to update your device e and you’re somewhat protected from this vulnerability. Sojust go in yoursettings >about phone >Click System updates.These scanner/detector apps will not warn if you’re connecting to a webserver which is vulnerable to this bug.
- Don’t use free WiFi or Public HotSpot: They all are trap, at least most of them. Intelligent users never do any bank transactions or any important high priority work form public hotspot, because it is very easy to sniff the traffic in this public zone and gain credentials. This Heartbleed vulnerability can also be exploited very easily over public network.
- Deploy Mechanisms like 2-Factor Authentication & Erase your cookies and sessions keys periodically: People run away from implementing additional layer of security because they don’t want to wait; they want things to be in the rapid pace, but many times this extra layer of security acts as a life savior. Also you should install a cleaner app which erases your session cookies and privacy data in couple of days, which is always a good security measure.