Heartbleed, Two Weeks Later: A Graphical Report

This report was written 16 days after the vulnerability’s initial disclosure. The Trustlook team has analyzed Alexa’s top 1 million websites and over 120,000 apps from Google Play to show Heartbleed’s aftermath two weeks on.

According to the scan results for the Alexa top 1 million websites, 451,470 websites have SSL enabled, and of those, 19,566 (4.4%) are still vulnerable.

Figure: Vulnerable websites, by percentage

Figure: Vulnerable websites, by category

On mobile platforms, Android 4.1.1, which holds 7% of the Android market share, is vulnerable because of the OpenSSL version it ships. What makes things worse is that Android is a highly fragmented OS, and some third-party ROMs are slow to react with patches and updates. After scanning 120,000 apps from Google Play, we found 8.7% of the apps that use SSL connections to be vulnerable, affecting more than 150 million users.

Figure: Vulnerable Android versions, by percentage

Figure: Vulnerable Android apps

Trustlook in HeartBleeding

Heartbleed is still raging, and some mobile devices are affected as well. To make your scanning and testing easier, the Trustlook Research team has released a tiny Swiss-army toolkit, Heartbleed Pulse, on Google Play.

The application is very easy to use. It contains three sections.

The first section shows your device information, including whether the OpenSSL library is vulnerable and whether the heartbeat feature is enabled.

The second section contains the app scan feature. After a single tap, the scan results for all apps are displayed.

The third section lists some patched and unpatched websites. To test your own website, type your domain name in the text box and tap the “check” button; the result comes back in seconds.
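
The first section's device check is, at its core, a version test: does the OpenSSL build fall in the range that shipped the bug? As an added example, not Trustlook's app code, here is how such a check can be implemented in Python. It parses both a textual OpenSSL banner ("OpenSSL 1.0.1e 11 Feb 2013") and the numeric OPENSSL_VERSION_NUMBER constant, and classifies the build against the affected range: 1.0.1 through 1.0.1f and 1.0.2-beta1, with 1.0.1g and 1.0.2-beta2 carrying the fix. One caveat a practitioner must keep in mind: distributions that backport the fix keep the old version string (Debian's patched 1.0.1e packages still report 1.0.1e), so a version check can only say "in the affected range", and a live heartbeat test like the one in the third section is what settles it.

```python
import re

# Heartbleed (CVE-2014-0160) affected OpenSSL 1.0.1 up to and including 1.0.1f,
# plus the 1.0.2-beta1 pre-release.  1.0.1g and 1.0.2-beta2 shipped the fix, and
# the 0.9.8 and 1.0.0 branches never contained the TLS heartbeat code.
AFFECTED_101_PATCH_LETTERS = ("", "a", "b", "c", "d", "e", "f")

# Matches banners such as "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.0.2-beta1 24 Feb 2014".
_BANNER_RE = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-(beta|dev|pre)(\d*))?", re.IGNORECASE
)


def parse_banner(banner):
    """Parse a textual OpenSSL version banner.

    Returns (major, minor, fix, patch_letter, status) with status "release",
    "dev" or "betaN", or None when the text does not contain a version.
    """
    m = _BANNER_RE.search(banner)
    if m is None:
        return None
    major, minor, fix = int(m.group(1)), int(m.group(2)), int(m.group(3))
    patch = m.group(4).lower()
    if m.group(5) is None:
        status = "release"
    else:
        status = m.group(5).lower() + (m.group(6) or "")
    return (major, minor, fix, patch, status)


def parse_version_number(num):
    """Decode the OPENSSL_VERSION_NUMBER constant (layout 0xMNNFFPPS).

    M = major, NN = minor, FF = fix, PP = patch (1 = 'a', 2 = 'b', ...),
    S = status (0 = dev, 1..14 = beta N, 15 = release).  0x1000107f -> 1.0.1g.
    """
    major = (num >> 28) & 0xF
    minor = (num >> 20) & 0xFF
    fix = (num >> 12) & 0xFF
    patch_num = (num >> 4) & 0xFF
    status_num = num & 0xF
    patch = chr(ord("a") + patch_num - 1) if patch_num else ""
    if status_num == 0:
        status = "dev"
    elif status_num == 0xF:
        status = "release"
    else:
        status = "beta%d" % status_num
    return (major, minor, fix, patch, status)


def version_in_affected_range(version):
    """True if the parsed version falls in the range that shipped the bug."""
    major, minor, fix, patch, status = version
    if (major, minor, fix) == (1, 0, 1):
        # 1.0.1 pre-releases are flagged too: the heartbeat code was already in them.
        if status != "release":
            return True
        return patch in AFFECTED_101_PATCH_LETTERS
    if (major, minor, fix) == (1, 0, 2):
        return status == "beta1"
    return False


def check_banner(banner):
    """Classify a banner as 'affected', 'not affected' or 'unknown'.

    'affected' means the version string is in range.  A distribution that
    backported the fix without bumping the version will still land here,
    so confirm with a heartbeat test before reporting a host as vulnerable.
    """
    version = parse_banner(banner)
    if version is None:
        return "unknown"
    return "affected" if version_in_affected_range(version) else "not affected"


if __name__ == "__main__":
    for b in ("OpenSSL 1.0.1e 11 Feb 2013", "OpenSSL 1.0.1g 7 Apr 2014",
              "OpenSSL 1.0.2-beta1 24 Feb 2014", "OpenSSL 0.9.8y 5 Feb 2013"):
        print("%-32s %s" % (b, check_banner(b)))
    print(hex(0x1000107f), parse_version_number(0x1000107f))
```

The numeric form matters on Android: an app cannot read a banner from the system library directly, but the value compiled into a native library follows the same 0xMNNFFPPS layout, so the two parsers feed the same range check.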

Trustlook Antivirus

If you want more protection, you can always download and install Trustlook Antivirus.

Hunt for Heartbleed on Google Play

You may have heard that Heartbleed is a vulnerability that mainly affects the server side: it can leak your session IDs, account passwords and cookies while you are using a website, regardless of which client you use, a browser or an app.

According to our scan, 24 apps access Heartbleed-affected URLs, which means all the data those apps exchange with their servers is at risk of being compromised by attackers. We have already marked those apps as “High Risk” in Trustlook Antivirus.

Trustlook will keep updating the scan results, adding newly found apps and removing fixed ones. If you see this warning in Trustlook Antivirus, be careful:

File Expert App AWS Credential Leak

This is a follow-up to our previous post. We found that a popular file-management and cloud-storage app, “File Expert” (over 20 million installs), had leaked its AWS credentials in the APK file, which would allow attackers to gain access to the vendor’s Amazon cloud infrastructure.

Trustlook has worked with the File Expert team and the problem has been fixed. The original leaked key is no longer valid, and the newest version has changed how it accesses AWS. Since the fix is on the server side, it can no longer be exploited regardless of the app version.
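
Credentials embedded in an APK are found the same way on the defender's side as on the attacker's: by scanning the decompiled sources and raw file contents for the key formats. As an added example, not Trustlook's scanner and not File Expert's code, here is a minimal Python detector for this class of leak. It looks for AWS access key ids (the AKIA or ASIA prefix followed by 16 upper-case alphanumerics), reports a 40-character candidate secret only when one sits within a short window of a key id (the secret format alone is far too generic), and redacts everything it prints so the report itself does not become a second leak. The sample class and key values are constructed placeholders.

```python
import re

# Long-term IAM access key ids start with "AKIA", temporary STS ones with "ASIA";
# both are 20 characters of upper-case letters and digits.  The secret access key
# is 40 characters from the base64 alphabet and has no distinctive prefix, so we
# only report one when it sits close to an access key id.
ACCESS_KEY_ID_RE = re.compile(r"(?<![A-Z0-9])((?:AKIA|ASIA)[A-Z0-9]{16})(?![A-Z0-9])")
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9/+=])([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])")

# Constructed sample: what a decompiled Android class with embedded keys might
# look like.  The key values are placeholders, not real credentials.
SAMPLE_DECOMPILED = """
public final class CloudConfig {
    static final String BUCKET = "example-app-backups";
    static final String KEY_ID = "AKIAEXAMPLE000000000";
    static final String SECRET = "EXAMPLEsecretEXAMPLEsecret00000000000000";
    static final String REGION = "us-east-1";
}
"""


def redact(value, keep=4):
    """Show only the first and last `keep` characters so reports stay safe to share."""
    return value[:keep] + "*" * (len(value) - 2 * keep) + value[-keep:]


def find_aws_credentials(text, window=300):
    """Scan text for AWS access key ids and a paired secret within `window` chars.

    Returns a list of dicts with the redacted key id, the redacted secret found
    nearby (or None), the key type and the offset of the key id in the text.
    """
    findings = []
    for m in ACCESS_KEY_ID_RE.finditer(text):
        key_id = m.group(1)
        lo, hi = max(0, m.start() - window), min(len(text), m.end() + window)
        secret = None
        for s in SECRET_KEY_RE.finditer(text[lo:hi]):
            secret = s.group(1)
            break
        findings.append({
            "access_key_id": redact(key_id),
            "secret": redact(secret) if secret else None,
            "offset": m.start(),
            "key_type": "temporary (STS)" if key_id.startswith("ASIA") else "long-term (IAM)",
        })
    return findings


def scan_bytes(data):
    """Scan raw file contents (e.g. classes.dex, resources, .so) for credentials.

    Latin-1 maps every byte to one character, so offsets stay byte offsets and
    ASCII strings embedded in binaries are matched as-is.
    """
    return find_aws_credentials(data.decode("latin-1"))


if __name__ == "__main__":
    for finding in find_aws_credentials(SAMPLE_DECOMPILED):
        print(finding)
```

Run over every file in an unzipped APK (classes.dex, assets, res/raw, native libraries), a hit with a paired secret is what turns a "string that looks like a key" into an incident: the key must be revoked on the AWS side, exactly as happened here, because removing it from the next app version does nothing for the copies already installed.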

We’ll keep posting updates on our progress and discoveries regarding credential-leak vulnerabilities.

—————

Mar 30: Vulnerability discovered while scanning Google Play
Apr 1: Notified vendor
Apr 2: Vendor responded, started investigation
Apr 6: Vulnerability confirmed and fixed
Apr 10: Disclosed

Who is stealing your phone number?

Your phone number is sensitive private information, and no app should send it off the device without your approval. Every week we find hundreds of apps with this stealing behavior. Here are some of the ones we found last week. All of them have been identified as “high risk” in Trustlook Antivirus.

Business Insider
com.freerange360.mpp.businessinsider
100,000 – 500,000 Installs

Block Calls & Caller ID
com.privacystar.android
1-5 million installs

Tone Room Deluxe
com.zed.TrdWapLauncher
1-5 million installs

Total Equipment Protection App
com.asurion.android.mobilerecovery.sprint
1-5 million installs

Antivirus & Security
co.securifox.android
100,000 – 500,000 Installs

Zlango Messaging
com.zlango.zms
