Is BBM vulnerable to the Heartbleed bug?


The Heartbleed bug is not an easy thing to explain to non-techie people, but basically it means that certain versions of OpenSSL, used to provide internet security worldwide, are vulnerable and allow protected information to be read. Read my lips: this is a huge problem.


Since this is a mobile-focused site, I am restricting this article to mobile. The implication is that a hacker can potentially use the bug to break into your device and steal passwords and other sensitive information. On mobile, it is a two-pronged issue: your device (smartphone, phablet or tablet), and your apps.

I found two Android apps that claim to be able to detect whether your Android device is vulnerable: Heartbleed Detector and Heartbleed Scanner. After installing and running the former, the verdict I got was that though the version of OpenSSL on my Nokia X is affected by the Heartbleed bug, the behaviour is not enabled and so I am safe.

Heartbleed Detector Nokia X

The second app, Heartbleed Scanner, confirms the same, but also scans individual apps to see which are vulnerable. According to this app, BBM contains a version of OpenSSL with the behaviour enabled. Meaning: BBM is vulnerable. At least according to the app. Bummer: there goes your BBM password and perhaps all your private chats. At least, if this app is true blue.

Heartbleed Scanner BBM
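The page does not say how either app reaches its verdict. As an added example (not code from those apps or from this article), here is one heuristic for the two conditions they report, an affected OpenSSL version and heartbeat support being compiled in, applied to the native libraries inside an APK. It assumes the library carries OpenSSL's release-version banner and unstripped heartbeat symbol names; the sample APK is constructed.

```python
import io
import re
import zipfile

# Banner OpenSSL embeds in its libraries, e.g. "OpenSSL 1.0.1e 11 Feb 2013".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]?) ")
# Heartbeat handlers; not compiled in when built with OPENSSL_NO_HEARTBEATS.
MARKERS = (b"tls1_process_heartbeat", b"dtls1_process_heartbeat")


def classify(blob):
    """Return (version, verdict) for one native library, or None if no banner."""
    m = BANNER.search(blob)
    if m is None:
        return None
    base, letter = m.groups()
    version = (base + letter).decode()
    if base != b"1.0.1" or letter > b"f":  # affected: 1.0.1 through 1.0.1f
        return version, "version not affected"
    if any(marker in blob for marker in MARKERS):
        return version, "affected version, heartbeat code present"
    return version, "affected version, heartbeat code not found"


def scan_apk(apk_bytes):
    """Map each lib/**.so entry of an APK (a ZIP archive) to its verdict."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if name.startswith("lib/") and name.endswith(".so"):
                result = classify(apk.read(name))
                if result is not None:
                    report[name] = result
    return report


def build_sample_apk():
    """Constructed input: fake .so entries holding only the strings scanned for."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("lib/armeabi/libvuln.so",
                   b"\0OpenSSL 1.0.1e 11 Feb 2013\0tls1_process_heartbeat\0")
        z.writestr("lib/armeabi/libnohb.so", b"\0OpenSSL 1.0.1c 10 May 2012\0")
    return buf.getvalue()


if __name__ == "__main__":
    for lib, (version, verdict) in scan_apk(build_sample_apk()).items():
        print(f"{lib}: OpenSSL {version}: {verdict}")
```

A "heartbeat code not found" result on a stripped or statically linked library is inconclusive, since the symbol names may simply have been removed.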

If Affected

If your device is affected, it needs to be patched by Google or your device manufacturer. If an app you use is affected, it needs to be patched by the developer. In this case, if this diagnosis is correct, BBM needs to patch this app right away, and then I will need to change my password. There isn’t any point changing my password till it is patched.

Scan Your Device!

The version of BBM on the Nokia X is likely different from the version on regular Android phones. The way to be sure about yours is to download Heartbleed Scanner to your device and run it for feedback. Is your device safe from the bug? How many apps on your device/s are affected by the bug?

Download Heartbleed Detector and Heartbleed Scanner.

One comment

  1. While most of the attention lies in computers, those who are using the Android operating system are also affected by the Heartbleed security bug. Smartphones and tablets running on Android 4.1.1 in particular are vulnerable to the bug.

    Google announced on its online security blog that “All versions of Android are immune to CVE-2014-0160 (with limited exception of Android 4.1.1; patching information for Android 4.1.1 is being distributed to Android partners). We will continue working closely with the security research and open source communities, as doing so is one of the best ways we know to keep our users safe.”
