HTC seeking solution to solve Heartbleed flaw

News

HTC is working on updating its security settings after new research found a number of its smartphones are at risk from the Heartbleed security flaw.

New research from security firm Lookout revealed that the HTC One, One X, One S and Evo that run Android 4.1.1 are vulnerable. While Lookout found that 96 percent of devices were safe from any risks, affected devices were particularly vulnerable because of a lack of security updates from the manufacturers.

The Lookout research said: "As new phones come out, older ones are cut off from new Android updates. It's a curse of these phones' own success: the hardware has lasted so well that the software can't measure up."

Heartbleed is a bug on OpenSSL, which is used by the majority of internet sites to keep connections secure. By exploiting the bug, hackers could glean up to 64K of memory from a server. Another vulnerability inherent in this flaw, reverse Heartbleed, means that servers have the capacity to steal data from mobile devices.

It is estimated up to 50 million users of Android 4.1.1 could be affected by the bug. Lookout added that several devices running custom versions of Android 4.2.2 could also be at risk.

An HTC spokesperson said: "We're currently working to implement the security patch issued by Google this week to the small number of older devices that are on Android 4.1.1. HTC flagship devices, including the HTC One and HTC One (M8), are not impacted."

Motorola, whose Atrix HD is another handset at risk, also said it was working on a patch to safeguard unsecure devices.