Heartbleed Security Scanner

Heartbleed Security Scanner (Heartbleed Detector) 1.0

Check if you have the Heartbleed vulnerability

Heartbleed Security Scanner is a very simple app from Lookout Mobile Security that tells you whether your phone is at risk from the OpenSSL Heartbleed bug. View full description

PROS

  • Very easy-to-use

CONS

  • Limited options
  • Better alternatives available

Not bad
6

Heartbleed Security Scanner is a very simple app from Lookout Mobile Security that tells you whether your phone is at risk from the OpenSSL Heartbleed bug.

It's exceptionally simple to use because there are virtually no options: open the app and it will automatically scan and tell you if your device is compromised.

Unfortunately, the simplicity means that it's incredibly limited and there's no detailed breakdown to see what apps could be affected, but it still works as a quick check in a pinch.

Description

The Lookout Heartbleed Detector can be used to determine whether or not your Android device is vulnerable to the Heartbleed bug in OpenSSL. This app works by determining what version of OpenSSL your device is using. If your device is using one of the affected versions of OpenSSL, we then check to see if the specific vulnerable feature called heartbeats is enabled.

What is Heartbleed? Heartbleed is a software flaw in the OpenSSL “Heartbeat” function that helps keep secure connections alive. This function was found to be vulnerable to manipulation in a way that allows an attacker to steal up to 64K of data at a time from the active memory of affected systems. The bug, found by researchers from Codenomicon and Google, and filed with the following reference number – CVE-2014-0160, impacts any infrastructure that includes the affected versions of OpenSSL.

Will this app fix the Heartbleed vulnerability? This app is not meant to fix this vulnerability, as this will need to be patched by Google or your device manufacturer, and it is only meant to keep you informed about the status of your device. The good news is that Lookout has not yet seen the Heartbleed vulnerability exploited on a mobile device, but you can stay updated with the latest information on our blog at blog.lookout.com.

Does this tell me if my apps are affected? No. This app will not detect if any of the services or accounts (the apps and websites you visit) on your device are vulnerable and is only meant to detect vulnerabilities in Android. In other words, your operating system might be fine, but the websites you’re accessing might not. Look out for emails from companies with whom you have online accounts. If they needed to issue a patch, hopefully they will be alerting their consumers. You can check out our blog on the issue here: https://blog.lookout.com/blog/2014/04/09/heartbleed/

Note on Permissions: This app only uses the internet permission when you explicitly share the results of your scan with us. If you choose not to, we won't collect any information.
Heartbleed Security Scanner

Download

Heartbleed Security Scanner (Heartbleed Detector) 1.0