Heartbleed and OpenSSL issues with MI2S


Roland Y.

Members
Jul 9, 2013
7
11
Hi all,

I believe most of you came accross the trending topic these days, the recently discovered criptographic bug named Heartbleed.
As far as I know, it also affect some Android phones, as OpenSSL is baked inside. Not that I was especially worried about that, but I came accross a detector app (powered by the guys behind Lookout Mobile Security) named Heartbleed Detector. It seems that it actually detect the version of OpenSSL being used on the phone, and would tell if the phone is actually vulnerable or not.
I have MI2S, running MIUI 4.4.4 (based on Android 4.1.1 JRO03L). The Heartbleed Detector said my phone is vulnerable (see file attached).

Well, I would like to know a couple of things:
  • Can this be easily fixed ?
  • Should I update to a safe version of OpenSSL (and if so, how do I do that) ?
  • Or is some patch from MIUI developers expected ? Maybe the patch should be done by Google in Android itself first, and then mirrorred in some upcoming MIUI update ?

Thanks in advance.
 

Attachments

  • Screenshot_2014-04-12-08-40-05[1].png
    Screenshot_2014-04-12-08-40-05[1].png
    107.3 KB · Views: 344
Thanks @M1cha for the swift response.
Well, I am not considering switching to any other ROM. MIUI stock rom is perfect, to me.
So does it means it will be fixed in some upcoming MIUI weekly update and that I just have to be patient ? :)
 
you can try to use libssl.so from CM11. But some binaries use a statically compiled version of this lib.
asking xiaomi to fix this bug would be a good idea, too :D
 
  • Like
Reactions: ivangot0y
On M1cha's latest cm11 the vulnerability exists but the vulnerable behavior is not enabled.