Heartbleed is a vulnerability in the OpenSSL library of Google Android that theoretically enables cybercriminals to get access to the information protected by the SSL/TLS encryption methods.
Dr.Web anti-virus for Android detects and removes malicious programs that use the Heartbleed vulnerability just after the beginning of the installation process. Thus, Dr.Web users are effectively protected from such Trojans.
The Heartbleed vulnerability (CVE-2014-0160) is caused by the error in the system library /system/lib/libssl.so. This vulnerability exists on Google Android devices that use the following versions of this library: 1.0.1a, 1.0.1b, 1.0.1c, 1.0.1d, 1.0.1e, 1.0.1f, 1.0.2-beta1.
Technical implementation of this vulnerability is based on the OpenSSL library’s incorrect processing of the Heartbeat packages. Due to this, the application attacking the system can use specifically formed requests to get access to 64 KB memory of the system process with which the encrypted secure connection is established. Memory leak occurs because of the absence of buffer overflow check in heartbeat TLS extension’s implementation (RFC 6520). As a result, by modifying the request, cybercriminals can successively read the process’s memory contents. In this memory sector, passwords, session IDs, or private keys can be stored. Cybercriminals can extract these data and use it for their future attacks.