{"id":67473,"date":"2014-05-30T00:17:41","date_gmt":"2014-05-29T22:17:41","guid":{"rendered":"http:\/\/onsoftware.en.softonic.com\/?p=67473"},"modified":"2025-07-02T00:40:01","modified_gmt":"2025-07-02T07:40:01","slug":"new-heartbleed-attack","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/new-heartbleed-attack\/","title":{"rendered":"New Heartbleed attack leaves Android and Wi-Fi routers vulnerable"},"content":{"rendered":"<p>Long-term effects of the <a title=\"&quot;Heartbleed&quot; security bug leaves majority of the web vulnerable\" href=\"http:\/\/news.en.softonic.com\/heartbleed-openssl-security-bug\" target=\"_self\" rel=\"noopener noreferrer\">Heartbleed<\/a> security bug are beginning to show themselves. A newly discovered vulnerability leaves <a title=\"Android tag\" href=\"http:\/\/news.en.softonic.com\/t\/android\" target=\"_self\" rel=\"noopener noreferrer\">Android<\/a> and wireless routers open to attack.<\/p>\n<p>Portuguese security researcher<strong> Luis Grangeia<\/strong> discovered the issue, which allows an attacker to pull data from a device&#8217;s memory over Wi-Fi. Named &#8220;Cupid,&#8221; the attack can expose passwords, certificates and private SSL keys.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-67475\" title=\"Cupid Heartbleed\" src=\"https:\/\/articles-img.sftcdn.net\/sft\/articles\/auto-mapping-folder\/sites\/3\/2014\/05\/Cupid-Heartbleed-568x377.jpg\" alt=\"Cupid Heartbleed\" width=\"568\" height=\"377\" srcset=\"https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2014\/05\/Cupid-Heartbleed-568x377.jpg 568w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2014\/05\/Cupid-Heartbleed-120x80.jpg 120w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2014\/05\/Cupid-Heartbleed-256x169.jpg 256w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2014\/05\/Cupid-Heartbleed.jpg 625w\" sizes=\"auto, (max-width: 568px) 100vw, 568px\" \/><\/p>\n<p>Since the attack requires the use of a compromised wireless router,  possible attacks are limited to the range of the router. This means attacks using this method will have much less of a reach than the original Heartbleed bug.<\/p>\n<p>Grangeia says Android devices running <strong>version 4.1.1<\/strong> (a version of &#8220;Jellybean&#8221;) are vulnerable. Attackers can steal data from Android devices with Wi-Fi enabled by offering up an open access point for devices to connect to.<\/p>\n<p>It&#8217;s too early to panic about this type of attack, but you can take steps to prevent it. Make sure your Android device is running the latest operating system, secure your router with a strong password, and make sure its firmware is up to date.<\/p>\n<p>Since <strong>Open SSL<\/strong> (the security protocol exploited by Heartbleed) is so widely used, we&#8217;ll likely see more attacks like this pop up in the future. For more information about Heartbleed, check out all our articles about it right <a title=\"Heartbleed: the bug that left the internet vulnerable\" href=\"http:\/\/features.en.softonic.com\/heartbleed-everything-you-need-to-know\" target=\"_self\" rel=\"noopener noreferrer\">here<\/a>.<\/p>\n<p>Source: <a title=\"GitHub\" href=\"https:\/\/github.com\/lgrangeia\/cupid\/\" target=\"_blank\" rel=\"noopener noreferrer\">GitHub<\/a> | <a title=\"Luis Grangeia Slideshare\" href=\"http:\/\/www.slideshare.net\/lgrangeia\/heartbleed-35236317\" target=\"_blank\" rel=\"noopener noreferrer\">Luis Grangeia (Slideshare)<\/a><\/p>\n<p>Via: <a title=\"The Verge\" href=\"http:\/\/www.theverge.com\/2014\/5\/29\/5762496\/new-heartbleed-attack-targets-android-devices-and-routers-over-wi-fi\" target=\"_blank\" rel=\"noopener noreferrer\">The Verge<\/a><\/p>\n<p><em>Follow Lewis on Twitter <a href=\"https:\/\/twitter.com\/lewisleong\" target=\"_self\" rel=\"noopener noreferrer\">@lewisleong<\/a><\/em><\/p>\n<h4>RELATED STORIES<\/p>\n<ul>\n<li><a href=\"http:\/\/features.en.softonic.com\/how-to-detect-malicious-apps-eating-your-android-battery\" target=\"_self\" rel=\"noopener noreferrer\">How to detect malicious Android apps eating your battery<\/a><\/li>\n<li><a href=\"http:\/\/news.en.softonic.com\/windows-xp-extended-support-registry-hack\" target=\"_self\" rel=\"noopener noreferrer\">Registry hack to extend Windows XP support for 5 years too good to be true<\/a><\/li>\n<li><a href=\"http:\/\/news.en.softonic.com\/spotify-hacked-users-logged-out-as-a-precaution\" target=\"_self\" rel=\"noopener noreferrer\">Spotify hacked, users logged out as a precaution<\/a><\/li>\n<\/ul>\n<\/h4>\n","protected":false},"excerpt":{"rendered":"<p>Long-term effects of the Heartbleed security bug are beginning to show themselves. A newly discovered vulnerability leaves Android and wireless routers open to attack. Portuguese security researcher Luis Grangeia discovered the issue, which allows an attacker to pull data from a device&#8217;s memory over Wi-Fi. Named &#8220;Cupid,&#8221; the attack can expose passwords, certificates and private &hellip; <a href=\"https:\/\/cms-articles.softonic.io\/en\/new-heartbleed-attack\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;New Heartbleed attack leaves Android and Wi-Fi routers vulnerable&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2033,"featured_media":67475,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[],"tags":[],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-67473","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/67473","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/2033"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=67473"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/67473\/revisions"}],"predecessor-version":[{"id":330680,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/67473\/revisions\/330680"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/67475"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=67473"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=67473"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=67473"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=67473"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=67473"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=67473"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}