The widespread bug in the widely used Web encryption program OpenSSL, known as “Heartbleed”, can be found not only in hundreds of thousands of websites, email servers, ordinary PCs and firewalls, but on mobile devices as well. The flaw threatens the data privacy of millions of smartphone and tablet users running Google Inc.s Android operating system.
Although Google assured its users on April 9th that all versions of Android are not susceptible to the flaw, the company noted there was a limited exception – the 4.1.1 version. Despite the fact it was released in 2012, the Android 4.1 version is still run by millions of mobile devices, including smartphones and tablets made by Samsung Electronics and other tech giants. Google said that less than 10% of active devices are prone to data theft, but according to its own statistics, more than 30% of Anroid devices run some version of the 4.1 operating system.
The Heartbleed bug remained undetected for 2 years and can be utilized without leaving a trace, spurring fears in consumers that attackers may have stolen data from many networks without their knowledge. Internet users went into a panic on Monday after researchers at Codenomicon and Google sounded the alarm that the Heartbleed vulnerability can allow such a theft.
On Friday, Robin Seggelmann, a 31-year-old German volunteer coder, admitted he had unintentionally created the bug little over two years ago, while working on bug fixes for OpenSSL. He said that the vulnerability had since then been continuously overlooked by OpenSSL coders.
Internet users around the world were even more outraged after Bloomberg reported on Friday that the US National Security Agency allegedly knew about the flaw for two years, but refrained from disclosing it in order to use it to gain information on foreign targets. The agency and the White House in return denied those accusations.
And while a fix was created shortly after the bugs disclosure on Monday and was implemented by the majority of affected Internet properties, patching up Anrdoid devices will take much more time. Even though Google has provided the fix, it will be up to carriers and device manufacturers to implement it on their devices.
Michael Shaulov, chief executive officer and co-founder of Lacoon Security Ltd., a cyber-security company focused on advanced mobile threats, said for Bloomberg: “One of the major issues with Android is the update cycle is really long. The device manufacturers and the carriers need to do something with the patch, and that’s usually a really long process.”
Among other major tech companies affected by the “Heartbleed” flaw are Cisco Systems Inc. and Juniper Networks Inc., which admitted that some of their networking-gear products were vulnerable, but will be patched. Microsoft Corp. announced that its Windows and Windows Phone operating systems have not been affected by the bug. Verizon Wireless, the biggest U.S. mobile-phone company, said that no other operating systems, except Android 4.1.1, have been impacted and that the carrier is working with the device manufacturers to deploy the necessary fixes.
Google Inc. fell by 1.91% on Friday to close the session at $530.60 per share, marking a market capitalization of $359.66 billion. According to CNN Money, the 40 analysts offering 12-month price forecasts for Google Inc have a median target of $675.00, with a high estimate of $750.00 and a low estimate of $525.51. The median estimate represents a +27.21% increase from the last price of $530.60.
TradingPedia.com is a financial media specialized in providing daily news and education covering Forex, equities and commodities. Our academies for traders cover 
