Heartbleed: Motorola and Google...damn
 

Been a huge Motorola fan boy since the early 80's...yeah I paid $495 for a beeper and more than $4,000 for my first suite case cell phone. Like Google too.

MY tablet has an OS vulnerable to the heartbleed exploit and it took until the 5th tech support person to even find someone to know what it was.

They said to install virus software (won't help with how the exploit works)

They have no idea of when or if they will fix the problem and no mechanism in place to alert people if there is a fix or what to do.

For now I am bringing the table back to factory state and waiting. What a fuck up.

I smell a BIG class action suit brewing.

I've found the amount of info is sort of lacking as regards mobile.

I think the mobile threat may be overstated. Really, how many incoming services using SSL are used on mobile where there is an incoming connection from an unknown host? In my experience most mobile networks are NATed anyways, and so is your home WiFi. I haven't seen an indepth explanation of so far, just lists of mobile apps that have been compiled using vulnerable versions.

My experience with guys on the security side of the IT house is usually they have very little ability to measure actual likelihooods or effects. It's all 'the sky is falling' FUD. I've never met a security guy I had any respect for.

Just for fun just quickly checked any UPNP assigned ports on my home router and I've got nothing for my phone or tablet. So as far as I'm aware all persistent connections are established with the mobile device as the source. Which would mean that Heartbleed is irrelevant in that situation.

From what I understand a malicious (or hacked) web site can get what's in the ram of effected phones and tablets.

Right now my tablet is going to be used for netflix and that's it.It will not be replaced by a Motorola one thats for sure.

get an iphone and an ipad

You're right suesheboy, I educated myself a little bit further and some sources claim that the heartbeat requests are two-way, so a client once it has connected to a host of its choosing would be vulnerable. The important part there is a host of its choosing - there's no ability to exploit this without the connection being initiated by the client.
This limitation is pretty seriously limiting though in my opinion.

Therefore, you would have to be visiting a website whose server has and continues to be seriously compromised (not just heartbleed vulnerable or previously heartbleed vulnerable) but actually taken over by bad actors. So all the usual caveats about not clicking random crap links sortof applies, and I'm sure chrome and antivirus and google search would have a chance to warn you of malware just like usual as soon as they are up to speed. You can pretty easily self police this as far as browsing goes by thinking twice before you use https.

Beyond that, you already did have to evaluate whats sites your apps were connecting to, and if some of them might be small enough to be compromised and stay compromised for heartbleed, so this little wrinkle just ups the ante in that vein a little more.

I think most people when they hear android 4.1.x is affected think that they are suddenly going to be hit by scanning malware completely foreign to them, but that's not how it works.

Funny thing is I have to buy both in order to build out apps, but I don't see myself using them as much. I almost never use my lap top, I use a tablet constantly.

:1orglaugh:1orglaugh:1orglaugh:1orglaugh:thumbsup: thumbsup

bigluv who ever comes up with the silver bullet can sell it and make a fortune!

You have to have something the hacker wants. Nobody in this thread has something they want. So don't worry about getting hacked.

Lets see...webmasters with access to countless web sites backends...yeah we are low value targets....NOT! :Oh crap

I still don't make credit card transactions on my phone yet...I just don't trust it and don't know if I ever will.