1. leedsnyc's Avatar
    Hi, I know this is an old-ish problem but I want to know why Samsung phone still show that the heartbleed vulnerability exist on the phone?

    I have run scans with McAfee and Lookout's respective scanner apps and both show the bug being present but disabled. Does this mean security is still an issue using the phone?

    I have had fraud happen twice in the last 3 months and can only pin point it to using the Note 4 as I've never had fraud happen before using other Samsung phones.

    I would really appreciate any information you guys can give to help me understand why the bug is still in the android os on the Note 4.

    Thanks
    01-21-2015 09:58 AM
  2. Golfdriver97's Avatar
    I was under the impression that the Heartbleed bug was fixed in 4.2. It might be misflagged in the apps you have.

    However, it probably wouldn't be a bad idea to double check. Here are a couple heartbleed test apps:

    https://play.google.com/store/apps/d...ook.heartpulse

    https://play.google.com/store/apps/d...rtbleedscanner
    Almeuit, leedsnyc and shaleem like this.
    01-21-2015 10:31 AM
  3. Almeuit's Avatar
    I would try what Golf said.
    Golfdriver97 likes this.
    01-21-2015 11:00 AM
  4. leedsnyc's Avatar
    Hi guys, yeah I tried dozens of heartbleed scanner and they all day that the openSSL version on the phone is vulnerable but disabled. Do you guys get the same result? It was supposed to be fixed in 4.2 but dunno if Samsung adopted the fix?
    01-21-2015 02:47 PM
  5. Golfdriver97's Avatar
    I tried the second app, and only 8 or 9 apps had the signature but only 1 was vulnerable, and that was a game. I am not too worried.

    From an AOSP M8
    01-21-2015 03:18 PM
  6. leedsnyc's Avatar
    Have you tried the lookout scanner? I guess I'm just wanting some reassurance that others have the same thing where the bug is located and said that android version is affected by the open SSL vulnerability but that it is disabled.
    Ntchwaidumela likes this.
    01-21-2015 03:27 PM
  7. shaleem's Avatar
    I was under the impression that the Heartbleed bug was fixed in 4.2. It might be misflagged in the apps you have.

    However, it probably wouldn't be a bad idea to double check. Here are a couple heartbleed test apps:

    https://play.google.com/store/apps/d...ook.heartpulse

    https://play.google.com/store/apps/d...rtbleedscanner
    I tried both apps. Nothing on my device was vulnerable.

    Posted via the Android Central App on my Samsung Galaxy Note 4
    01-21-2015 03:52 PM
  8. leedsnyc's Avatar
    I get this on my Note 4 when I use the first app you provided the link to:

    "Device has openSSL version 1.01e-fips which is affected by heartbleed bug"
    "Vulnerable behaviour is not enabled"
    "Device is safe"

    Is this similar to what you get?
    01-21-2015 04:24 PM
  9. Golfdriver97's Avatar
    I get this on my Note 4 when I use the first app you provided the link to:

    "Device has openSSL version 1.01e-fips which is affected by heartbleed bug"
    "Vulnerable behaviour is not enabled"
    "Device is safe"

    Is this similar to what you get?
    I just looked at Lookout, and got the same message. I am not concerned.
    leedsnyc likes this.
    01-21-2015 07:43 PM
  10. leedsnyc's Avatar
    Thanks Golf. Appreciate your reply on this

    Posted via the Android Central App
    01-21-2015 07:48 PM

Similar Threads

  1. Replies: 1
    Last Post: 05-16-2015, 08:49 AM
  2. Replies: 1
    Last Post: 01-21-2015, 07:50 PM
  3. Replies: 2
    Last Post: 01-21-2015, 03:47 PM
  4. Replies: 1
    Last Post: 01-21-2015, 09:41 AM
  5. Sync email only over wi-fi on S4?
    By Zac_AUS in forum Samsung Galaxy S4
    Replies: 0
    Last Post: 01-21-2015, 06:16 AM
LINK TO POST COPIED TO CLIPBOARD