CHINA TOPIX

12/22/2024 09:09:29 pm

Make CT Your Homepage

Millions of Android smartphones in China at risk from Heartbleed bug

Reports have confirmed that Android is not immune to the Heartbleed bug that allows hackers or cybercriminals to steal passwords and other personal information, including bank account numbers.

Recent studies showed that out of the more than one billion active Android devices worldwide, 270 million are in China. Android also accounts for 66 percent of China's total mobile platform market.

Like Us on Facebook

When news of Heartbleed bug was made public two weeks ago, Google, Inc. said that all versions of Android except one was immune to Heartbleed. Google said this "limited exception" was one version identified as 4.1.1 that was released in 2012.

It later turned out that Android Version 4.1.1, that Google admits to have been compromised by Heartbleed bug, runs on millions of smartphones and tablets worldwide, including those in China.

Data from Google shows that 34 percent of Android devices come with built-in software that is a variation of 4.1. Google also said less than 10 percent of active devices are vulnerable to Heartbleed. Applying this percentage to the number of Android devices in China means that up to 27 million Android smartphones and tablets have a potential to be infected.

Security analysts have discovered that Android devices running version 4.1.1 include popular models made by HTC Corporation, Samsung Electronics Company, and other handset manufactures. Taiwan-based HTC is the number three smartphone brand in the United States, after Apple and Samsung, and accounts for 9.4% of the world smartphone market.

Experts said there is no easy solution for Android gadgets infected with the Heartbleed bug. Google has provided a security patch for the Heartbleed bug, but said it's up to handset makers and wireless carriers to update smartphones and tablets.

The Heartbleed bug takes advantage of a vulnerability in certain versions of OpenSSL, a set of encryption tools used for securing Web connections. It also gives cybercriminals access to critical data, which include user authentication credentials and passwords.

Real Time Analytics