Apr 17, 2014

Has Your Android Device Been Hacked via Heartbleed?

According to a post on Gizmodo on April 15, not only is Heartbleed causing heartache on hundreds of servers all over the internet, but security researchers have also warned that the bug could allow direct hacks of Android, too. The Gizmodo post recommends that you install Heartbleed Detector, a free app developed by Lookout Mobile, to determine if your device is at risk. For more details visit Gizmodo.

Apr 16, 2014

RoboForm Not Affected by the Heartbleed bug

What is the Heartbleed Bug?

The Heartbleed Bug was disclosed Monday night. It affects OpenSSL, open-source software that's widely used to encrypt Web communications. Heartbleed can reveal the contents of a server's memory, where most sensitive data is stored.

The bug appears in OpenSSL versions 1.0.1 to 1.0.1f. Version 1.0.1g fixes the bug.

How Does the Heartbeat Vulnerability Affect RoboForm?

It doesn't.

RoboForm servers used OpenSSL versions 1.0.0 and 0.9.8, which were not affected by the Heartbleed Bug.

Upon learning of the bug, we updated all our OpenSSL versions to 1.0.1g, which is the published fix for the Heartbleed bug.

What should you do next?

Your Master Password has always been secure, so you do not need to change it.

However, this bug has been out there for a long time, and it's possible that sites you regularly visit are susceptible to the vulnerability.

You can check whether or not sites are susceptible using this tool: http://filippo.io/Heartbleed/

We recommend you generate new passwords for any website in which you store sensitive information, such as email, banking, etc. However, you should wait until these sites have updated their OpenSSL version and replaced their certificates with new certificates issued on 4/8/2014 or later.
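
The two conditions above (OpenSSL outside the 1.0.1 to 1.0.1f range, certificate issued on 4/8/2014 or later) can be checked mechanically. This is an added example, not RoboForm code; it assumes you already know the server's OpenSSL release string and have the `notBefore=` line printed by `openssl x509 -noout -startdate`, and the function names and sample inventory are hypothetical.

```python
import re
from datetime import datetime

# Cutoff from the post: certificates issued on 4/8/2014 or later.
CERT_CUTOFF = datetime(2014, 4, 8)
# Affected releases per the post: 1.0.1 (no letter) through 1.0.1f.
AFFECTED_LETTERS = ("", "a", "b", "c", "d", "e", "f")
_RELEASE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def openssl_affected(version):
    """True/False for a plain release string; None when it cannot be judged."""
    m = _RELEASE.match(version.strip())
    if m is None:
        return None  # beta, dev or vendor-suffixed builds: do not guess
    base = tuple(int(m.group(i)) for i in (1, 2, 3))
    return base == (1, 0, 1) and m.group(4) in AFFECTED_LETTERS


def cert_reissued(startdate_line):
    """Parse a 'notBefore=...' line and compare it with the cutoff."""
    value = startdate_line.strip().split("=", 1)[-1]
    issued = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    return issued >= CERT_CUTOFF


def rotation_status(version, startdate_line):
    """Apply both conditions from the post, version first."""
    affected = openssl_affected(version)
    if affected is None:
        return "unknown: cannot judge this OpenSSL build"
    if affected:
        return "wait: OpenSSL still in the affected range"
    if not cert_reissued(startdate_line):
        return "wait: certificate predates 4/8/2014"
    return "ok: change the password now"


if __name__ == "__main__":
    # Constructed sample inventory (hosts, versions and dates are made up).
    inventory = [
        ("mail.example", "1.0.1e", "notBefore=Mar 12 10:00:00 2013 GMT"),
        ("bank.example", "1.0.1g", "notBefore=Mar 12 10:00:00 2013 GMT"),
        ("shop.example", "1.0.1g", "notBefore=Apr  9 00:00:00 2014 GMT"),
        ("blog.example", "1.0.1e-fips", "notBefore=Apr  9 00:00:00 2014 GMT"),
    ]
    for host, version, start in inventory:
        print(f"{host:14} {rotation_status(version, start)}")
```

Release strings with a beta or vendor suffix return "unknown" on purpose, because the version string alone does not say whether such a build contains the fix.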