Security specialist Trend Micro announced the release of two free Heartbleed scanners for computers and mobile devices designed to verify whether they are communicating with servers that have been compromised by the Heartbleed bug.
The solutions, Heartbleed Detector, a Chrome browser plug-in and an Android mobile app, are accessible in the Chrome Web Store and Google Play app store.
The Heartbleed security bug was found in the open-source OpenSSL cryptography library, which is widely used to implement the Internet’s Transport Layer Security (TLS) protocol.
A fixed version of OpenSSL was released on April 7, at the same time as Heartbleed was publicly disclosed, however, several security experts have cautioned against users changing passwords until more information about the nature and extent of the breach becomes available to consumers.
At that time, some 17 percent (around half a million) of the Internet’s secure Web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers’ private keys and users’ session cookies and passwords.
“Trend Micro has responded to the Heartbleed threat by offering tools to all Internet users as a solution to protect their personal data,” Raimund Genes, chief technology officer at Trend Micro, said in a statement. “With in-app purchases and financial transactions on mobile devices becoming the norm, Trend Micro felt it was vital to offer users a solution designed to enable them to continue operating their devices without worry.”
Available for Mac and Windows-based computer users, the Trend Micro Heartbleed Detector is a multi-platform plug-in for Chrome that enables users to check for vulnerable URLs and installs with a single click.
Trend Micro researchers have also discovered that mobile apps are just as vulnerable to the Heartbleed bug as Websites.
To mitigate this threat, Trend Micro has developed the Heartbleed Detector to check apps on a user’s device and the servers they communicate with, to determine if installed apps are vulnerable to the OpenSSL bug. If vulnerable apps are found, the detector then prompts the user with the option to uninstall the app.
“Heartbleed is a problem that may never entirely go away, but we are committed to providing and updating our solutions to best protect the data of our customers, and provide essential security on each device they use,” Genes said.
Earlier this week Trend Micro announced major upgrades to its Complete User Protection solution, which spans PC and mobile endpoints, email and collaboration, and Web security to enable integrated visibility and threat response.
Refreshed vulnerability protection capabilities proactively protect against exploits directed at operating system and application vulnerabilities until patches can be deployed, while improved endpoint encryption includes preboot authentication and management for Windows Bitlocker and MacOS FileVault native disk encryption.