Heartbleed Security Scanner 1.0

The Heartbleed Security Scanner for Android is an essential tool for detecting whether your Android device is affected by the Heartbleed bug in OpenSSL and whether the vulnerable behavior is enabled. Developed by Lookout, a leading mobile security company, this scanner offers reliable security and antivirus technology to protect individuals, businesses, governments, and critical infrastructure from the increasing threats in the post-PC era.

If you haven't already, we highly recommend downloading Lookout Antivirus & Security for complete Android protection, including free antivirus, backup, find my phone, and more. You can find it here: http://ap.lookout.com/SH4U

More About the Heartbleed Security Scanner

The Heartbleed Security Scanner works by determining the version of OpenSSL your device is using. If your device is using one of the affected versions of OpenSSL, the scanner will then check whether the specific vulnerable feature called heartbeats is enabled.

Q&A

• What is Heartbleed?

Heartbleed is a software flaw in the OpenSSL "Heartbeat" function, which helps keep secure connections alive. This function was found to be vulnerable to manipulation, allowing attackers to steal up to 64K of data at a time from the active memory of affected systems. The bug, discovered by researchers from Codenomicon and Google (with reference number CVE-2014-0160), impacts any infrastructure that includes the affected versions of OpenSSL.

• Will the Heartbleed Security Scanner fix the Heartbleed vulnerability?

No, the Heartbleed Security Scanner is not designed to fix this vulnerability. The vulnerability will need to be patched by Google or your device manufacturer. The purpose of the Heartbleed Security Scanner is to keep you informed about the status of your device. On a positive note, Lookout has not yet observed the Heartbleed vulnerability being exploited on a mobile device.

Stay updated with the latest information on our blog: https://blog.lookout.com/blog/2014/04/09/heartbleed

• Will the Heartbleed Security Scanner tell me if my apps are affected?

No, the Heartbleed Security Scanner will not detect whether any of the services or accounts (the apps and websites you visit) on your device are vulnerable. Its purpose is solely to detect vulnerabilities in the Android operating system. Therefore, while your operating system may be secure, the websites you access may still be at risk. We recommend keeping an eye out for emails from companies with whom you have online accounts, as they may issue patches and notify their customers accordingly.

Note on Permissions

The Heartbleed Security Scanner only requires internet permission if you choose to share the scan results with us. If you choose not to share, no information will be collected.

Additional Resources:

• Learn about the latest security threats at https://blog.lookout.com
• Learn about our permissions at https://www.lookout.com/permissions
• Like us on Facebook at http://facebook.com/mylookout
• Follow us on Twitter at http://twitter.com/lookout