Verizon, AT&T, Sprint and T-Mobile say customers are protected from Heartbleed bug

Now that the dust has settled, the nation's Tier 1 wireless carriers say their subscribers are largely protected against the Heartbleed Internet security bug, which was first disclosed last week. The bug affected open-source OpenSSL cryptography, which is used by millions of web servers around the world. The bug's disclosure prompted millions of people to change their passwords for fear that malicious hackers could use the Heartbleed bug to access their personal information.

However, wireless carriers say after reviewing their systems there is not much to fear. "The long period of industry-wide exposure to the Heartbleed problem is unusual, but in our review to date of Verizon Wireless' (NYSE: VZ) external websites, we have found no evidence of any compromise," Verizon said in a statement. "Our investigation is ongoing, and we continue to work with our vendors as they complete their own assessments. We will respond to the results accordingly."

Similarly, AT&T Mobility (NYSE: T) said it "found no evidence that the Heartbleed vulnerability has been exploited in our infrastructure or service components. We'll continue to work with our vendors as they complete their own security assessments and provide updates to appropriate software. As always, we recommend customers carefully monitor their accounts and regularly change their passwords."

Sprint (NYSE: S) added that it had "not seen any impacts to our website or operations servicing our customers. We vigorously monitor our systems and we have a variety of security protocols and procedures in place to assess, monitor and prevent such impacts."

And T-Mobile US (NYSE:TMUS) said there "have been no impacts to T-Mobile's network or websites. We continue to monitor for the Heartbleed Bug."

Others in the wireless industry weighed in as well. For example, Boingo Wireless noted that it took its VPN servers offline "as soon as we learned that the SSL software on those servers was subject to the Heartbleed exploit. We have upgraded the SSL software, and the servers are now as good as new, without those pesky security flaws that make it possible for hackers to take something that didn't belong to them."

Verizon did note that it is "working with our device manufacturers to test and deploy patches to any affected wireless devices on our network running Android 4.1.1." Android users with devices running that older operating system are particularly vulnerable. "Our device manufacturers have confirmed that other wireless device operating systems are not affected," Verizon said. "We encourage our customers to check for and accept system updates on their wireless devices.  Customers who have rooted their wireless device or installed modified software should reset the device to factory settings and then check for and accept system updates."

Article updated April 23 with additional information from Boingo.

Suggested Articles

The FCC plans changes to its Lifeline program, a federal initiative meant to lower the monthly cost of phone and internet for low-income individuals.

New research, again based off Wehe test results, indicates wireless carriers are throttling video content, regardless of location or time of day, and that…

In their latest round of comments to the FCC, both users and would-be users of the C-Band argued whether fiber is the best alternative for delivering the types…