Trend Micro Heartbleed Detector Now Available

500x1500 web

How the Heartbleed bug works

In previous blog entries, we’ve discussed various aspects of the Heartbleed vulnerability in OpenSSL. Last Tuesday, our first blog post covered an analysis of the vulnerability itself, as well as some steps that IT administrators of affected systems could do in order to protect themselves. Later entries looked at how popular websites and mobile apps were, in their own ways, vulnerable to the threat.

To help deal with the Heartbleed vulnerability, we’ve released several tools that can be used to detect possible exposure to the risks:

We have released into the Google Play app store the Trend Micro Heartbleed Detector. This tool is designed to help users tell if they are vulnerable to any aspect of this threat. In particular, it checks for three things:

  • It checks whether the version of OpenSSL used in the device’s version of Android may be vulnerable.
  • It checks whether any OpenSSL libraries embedded in the user’s installed apps may be vulnerable.
  • It checks whether the user’s installed apps communicate to any unpatched (and therefore, vulnerable) servers.

Main Page

Figure 1. Detector application

If any vulnerable apps are detected, the detector offers to uninstall the app for the user:

Summary marked

Figure 2. Vulnerable app detected

We don’t recommend for users to immediately uninstall all vulnerable apps, but this is something everyone should consider for applications that handle critical information, such as mobile banking applications. In addition, it’s a good idea for users to contact the companies that maintain these vulnerable apps to update their apps or websites as soon as possible.

For Chrome users, we’ve also released the Trend Micro OpenSSL Heartbleed Scanner app. The scanner allows for users to check if specific sites are vulnerable to Heartbleed. The tool can be downloaded from the Chrome Web Store.

For other users who want to check if a site is vulnerable or not, you may also do so through our Trend Micro Heartbleed Detector page.

We will continue to monitor this issue and release more information as needed.  For other posts discussing the Heartbleed bug, check our entries from the past week:

Post from: Trendlabs Security Intelligence Blog – by Trend Micro

Trend Micro Heartbleed Detector Now Available

Read more: Trend Micro Heartbleed Detector Now Available

Story added 17. April 2014, content source with full text you can find at link above.