Welcome to our peer-to-peer forums, where owners help owners. Need help now? Visit eSupport here.

Motorola Community

Droid PhonesDROID ULTRA & ULTRA MAXX
All Forum Topics
Options

75 Posts

10-21-2011

United States of America

74 Signins

1313 Page Views

  • Posts: 75
  • Registered: ‎10-21-2011
  • Location: United States of America
  • Views: 1313
  • Message 1 of 10

Lookout shows Droid Maxx vulnerable to Heartbleed

2014-04-22, 23:00 PM


I ran the Lookout security Heartbleed detector and it shows my Droid Maxx has a version of openSSL that is affected by Heartbleed but that the behavior has not been activated. Is there any patch coming for the Ultra/Maxx?

Reply
Options

12372 Posts

02-02-2016

United States of America

2935 Signins

20947 Page Views

  • Posts: 12372
  • Registered: ‎02-02-2016
  • Location: United States of America
  • Views: 20947
  • Message 2 of 10

Re: Lookout shows Droid Maxx vulnerable to Heartbleed

2014-04-22, 23:51 PM


You might want to take a look at this and this.



As long as the Lookout scan said everything is OK, and you follow the precautions in the first link, you should be fine.  Your Droid Maxx should at least be on version 4.4 of the Android OS, and Motorola says there's only one model on the vulnerable OS version, which is 4.1.1.  



 

Reply
Options

49 Posts

03-14-2014

United States of America

158 Signins

2077 Page Views

  • Posts: 49
  • Registered: ‎03-14-2014
  • Location: United States of America
  • Views: 2077
  • Message 3 of 10

Re: Lookout shows Droid Maxx vulnerable to Heartbleed

2014-04-23, 0:02 AM


Looks like it's only 4.1.1 Jelly Bean at risk per this site...

http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html?m=1 




"Android


All versions of Android are immune to CVE-2014-0160 (with the limited exception of Android 4.1.1; patching information for Android 4.1.1 is being distributed to Android partners).


We will continue working closely with the security research and open source communities, as doing so is one of the best ways we know to keep our users safe."



Hope that eases your mind a bit. Cheers!

Reply
Options

75 Posts

10-21-2011

United States of America

74 Signins

1313 Page Views

  • Posts: 75
  • Registered: ‎10-21-2011
  • Location: United States of America
  • Views: 1313
  • Message 4 of 10

Re: Lookout shows Droid Maxx vulnerable to Heartbleed

2014-04-23, 0:39 AM


Well then the Lookout scanner is giving false positives

Reply
Options

391 Posts

06-23-2012

United States

0 Signins

0 Page Views

  • Posts: 391
  • Registered: ‎06-23-2012
  • Location: United States
  • Views: 0
  • Message 5 of 10

Re: Lookout shows Droid Maxx vulnerable to Heartbleed

2014-04-23, 13:09 PM


Try this one by Bluebox, it appears to be more accurate:



https://play.google.com/store/apps/details?id=com.bblabs.heartbleedscanner&hl=en

Reply
Options

13997 Posts

02-02-2016

United States of America

322 Signins

2684 Page Views

  • Posts: 13997
  • Registered: ‎02-02-2016
  • Location: United States of America
  • Views: 2684
  • Message 6 of 10

Re: Lookout shows Droid Maxx vulnerable to Heartbleed

2014-04-23, 15:27 PM


LSS said:


Try this one by Bluebox, it appears to be more accurate:



https://play.google.com/store/apps/details?id=com.bblabs.heartbleedscanner&hl=en


View original


I kind of like CM Security myself ....they have this app:



https://play.google.com/store/apps/details?id=com.cleanmaster.security.heartbleed&hl=en

Comment in the spirit of COMMUNITY: "Share experiences / expertise, engage in the discussions, and offer advice and suggestions."
Reply
Options

391 Posts

06-23-2012

United States

0 Signins

0 Page Views

  • Posts: 391
  • Registered: ‎06-23-2012
  • Location: United States
  • Views: 0
  • Message 7 of 10

Re: Lookout shows Droid Maxx vulnerable to Heartbleed

2014-04-23, 16:15 PM


eaccents said:



LSS said:


Try this one by Bluebox, it appears to be more accurate:



https://play.google.com/store/apps/details?id=com.bblabs.heartbleedscanner&hl=en


View original


I kind of like CM Security myself ....they have this app:



https://play.google.com/store/apps/details?id=com.cleanmaster.security.heartbleed&hl=en


View original


CM Security Heartbleed reports the latest Netflix as "Dangerous".



Bluebox reports the latest Netflix as safe because it is using OpenSSL 1.0.1g, the recommended version of OpenSSL to use.



FYI, Bluebox was also reporting Netflix as vulnerable before the last update Netflix just released, but not since.

Reply
Options

13997 Posts

02-02-2016

United States of America

322 Signins

2684 Page Views

  • Posts: 13997
  • Registered: ‎02-02-2016
  • Location: United States of America
  • Views: 2684
  • Message 8 of 10

Re: Lookout shows Droid Maxx vulnerable to Heartbleed

2014-04-24, 2:07 AM


LSS said:



eaccents said:



LSS said:


Try this one by Bluebox, it appears to be more accurate:



https://play.google.com/store/apps/details?id=com.bblabs.heartbleedscanner&hl=en


View original


I kind of like CM Security myself ....they have this app:



https://play.google.com/store/apps/details?id=com.cleanmaster.security.heartbleed&hl=en


View original


CM Security Heartbleed reports the latest Netflix as "Dangerous".



Bluebox reports the latest Netflix as safe because it is using OpenSSL 1.0.1g, the recommended version of OpenSSL to use.



FYI, Bluebox was also reporting Netflix as vulnerable before the last update Netflix just released, but not since.


View original


Interesting.  I will try both apps on multiple devices....unfortunately, I don't have Netflix running on any of my devices so I never would have found this discrepancy--thanks!



ALL:  please post if you notice any other discrepancies between any of the Heartbleed apps.  

Comment in the spirit of COMMUNITY: "Share experiences / expertise, engage in the discussions, and offer advice and suggestions."
Reply
Options

391 Posts

06-23-2012

United States

0 Signins

0 Page Views

  • Posts: 391
  • Registered: ‎06-23-2012
  • Location: United States
  • Views: 0
  • Message 9 of 10

Re: Lookout shows Droid Maxx vulnerable to Heartbleed

2014-04-24, 13:20 PM


eaccents said:



...



Interesting.  I will try both apps on multiple devices....unfortunately, I don't have Netflix running on any of my devices so I never would have found this discrepancy--thanks!



ALL:  please post if you notice any other discrepancies between any of the Heartbleed apps.  


View original


You're welcome.



FYI, Bluebox reports Osmos HD as vulnerable too.  I contacted them and received this response:



Hi there,



Thank you for your proactive concern with regards to the Heartbleed OpenSSL vulnerability. While this app does contain a vulnerable version of OpenSSL, we have investigated the potential impact on players and determined that none of your personal information is at risk for exposure, so we are confident that it is not necessary to update the app specifically for this issue in order to protect your personal information.



This game uses Apportable’s technology to run on Android devices, and Apportable has posted further information addressing Heartbleed-related issues in its platform here: http://blog.apportable.com/heartbleed-and-games-on-android.



We do recommend that you change your passwords to web-based services that commonly interact with Android apps, such as Google Play/Google Wallet, Facebook, Twitter, and any game- or app-specific login credentials, as has been recommended by many authorities in the aftermath of the Heartbleed discovery and resolution. If you would like to verify whether a particular service has been updated to address the vulnerability before changing your credentials, please go tohttp://tif.mcafee.com/heartbleedtest. Thank you again for your concern and we hope you continue to enjoy the game!



Ryan 

The Apportable Team


In addition, OfficeSuite Pro had also been listed as vulnerable and I received a similar response from them politely assuring me it wasn't vulnerable because they only used OpenSSL as a package to work with PDFs.  They have since updated the version of OpenSSL that they use.


Finally, I had called Netflix about the Heartbleed vulnerability and it was shortly after that call that an update also came out with the updated OpenSSL 1.0.1g included in their app.


 


I recommend that people contact the app developers to report ANY detected Heartbleed vulnerability and which app found it. 
Reply
Options

1314 Posts

12-09-2011

United States

0 Signins

0 Page Views

  • Posts: 1314
  • Registered: ‎12-09-2011
  • Location: United States
  • Views: 0
  • Message 10 of 10

Re: Lookout shows Droid Maxx vulnerable to Heartbleed

2014-04-25, 12:40 PM


eaccents said:



LSS said:


Try this one by Bluebox, it appears to be more accurate:



https://play.google.com/store/apps/details?id=com.bblabs.heartbleedscanner&hl=en


View original


I kind of like CM Security myself ....they have this app:



https://play.google.com/store/apps/details?id=com.cleanmaster.security.heartbleed&hl=en


View original


This is the one I use as well on all of my phones (Razr Maxx, Droid Bionic, Casio Commando 4G and Galaxy Note 3). There entire suite of products are probably some of the best out there. Dev's (KS Mobile)very responsive, apps updated often, and probably have the highest ratings of any apps out there (Cache cleaner, antivirus, security). Clean - easy to use interface's and many features not found on other similar products. Small footprint.



 Same result for Netflix on Razr Maxx and Bionic, but that app is disabled on both. Not on the Commando or the Note 3, so didn't pick that one up.



Would recommend their Heartbleed product to anyone as well as there other apps.

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete

X

No, I don’t want to share ideas Yes, I agree to these terms