Heartbleed bug still present on Note 4

leedsnyc

Member
Aug 26, 2013
Hi, I know this is an old-ish problem, but I want to know why Samsung phones still show that the Heartbleed vulnerability exists on the phone?

I have run scans with McAfee and Lookout's respective scanner apps and both show the bug being present but disabled. Does this mean security is still an issue using the phone?

I have had fraud happen twice in the last 3 months and can only pinpoint it to using the Note 4, as I've never had fraud happen before using other Samsung phones.

I would really appreciate any information you guys can give to help me understand why the bug is still in the Android OS on the Note 4.

Thanks
 

leedsnyc

Hi guys, yeah I tried dozens of Heartbleed scanners and they all say that the OpenSSL version on the phone is vulnerable but disabled. Do you guys get the same result? It was supposed to be fixed in 4.2 but dunno if Samsung adopted the fix?
 

Golfdriver97

Trusted Member Team Leader
Moderator
Dec 4, 2012
I tried the second app, and only 8 or 9 apps had the signature but only 1 was vulnerable, and that was a game. I am not too worried.

From an AOSP M8
 

leedsnyc

Have you tried the Lookout scanner? I guess I'm just wanting some reassurance that others have the same thing, where the bug is located and it says that the Android version is affected by the OpenSSL vulnerability but that it is disabled.
 

shaleem

Well-known member
Mar 1, 2013
I was under the impression that the Heartbleed bug was fixed in 4.2. It might be misflagged in the apps you have.

However, it probably wouldn't be a bad idea to double check. Here are a couple of Heartbleed test apps:

https://forums.androidcentral.com/e...ls?id=com.trustlook.heartpulse&token=7WYfofFb

https://forums.androidcentral.com/e...d=com.bblabs.heartbleedscanner&token=yJzawDXH

I tried both apps. Nothing on my device was vulnerable.

Posted via the Android Central App on my Samsung Galaxy Note 4
 

leedsnyc

I get this on my Note 4 when I use the first app you provided the link to:

"Device has openSSL version 1.01e-fips which is affected by heartbleed bug"
"Vulnerable behaviour is not enabled"
"Device is safe"

Is this similar to what you get?
 

Golfdriver97

I just looked at Lookout, and got the same message. I am not concerned.
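
The three scanner lines quoted in this thread ("affected version", "vulnerable behaviour is not enabled", "device is safe") describe a two-step decision, sketched here as an added example that is not code from any poster or from the scanner apps. It assumes the commonly documented affected range for Heartbleed (OpenSSL 1.0.1 through 1.0.1f, fixed in 1.0.1g) and a hypothetical `heartbeat_enabled` flag standing in for whatever the scanner probes; the function names are illustrative.

```python
import re

# Matches "1.0.1e" and also the compressed form "1.01e" printed by the scanner
# quoted in the thread (treating "1.01e" as "1.0.1e" is an assumption).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?([a-z]?)")


def parse_openssl_version(text):
    """Return (major, minor, fix, letter) from a version string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, fix, letter = m.groups()
    if fix is None and len(minor) == 2:
        # "1.01e" -> minor "0", fix "1"
        minor, fix = minor[0], minor[1]
    return int(major), int(minor), int(fix or 0), letter


def in_affected_range(version):
    """True for 1.0.1 through 1.0.1f (assumed affected range; 1.0.1g is fixed)."""
    major, minor, fix, letter = version
    return (major, minor, fix) == (1, 0, 1) and letter <= "f"


def assess(version_text, heartbeat_enabled):
    """Combine the version check with whether the TLS heartbeat is active.

    heartbeat_enabled is False when the library was built without the
    heartbeat extension (for example with OPENSSL_NO_HEARTBEATS defined).
    """
    version = parse_openssl_version(version_text)
    if version is None:
        return "unknown"
    if not in_affected_range(version):
        return "not-affected"
    # An affected version number alone is not exploitable if the
    # heartbeat code path is compiled out or otherwise disabled.
    return "vulnerable" if heartbeat_enabled else "affected-but-disabled"


if __name__ == "__main__":
    # Constructed samples; the first is the string quoted in the thread.
    for text, hb in [("openSSL version 1.01e-fips", False),
                     ("OpenSSL 1.0.1f", True),
                     ("OpenSSL 1.0.1g", True)]:
        print(text, "->", assess(text, hb))
```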