Verizon, AT&T, Sprint and T-Mobile say customers are protected from Heartbleed bug

Now that the dust has settled, the nation's Tier 1 wireless carriers say their subscribers are largely protected against the Heartbleed Internet security bug, which was first disclosed last week. The bug affected open-source OpenSSL cryptography, which is used by millions of web servers around the world. The bug's disclosure prompted millions of people to change their passwords for fear that malicious hackers could use the Heartbleed bug to access their personal information.

However, wireless carriers say after reviewing their systems there is not much to fear. "The long period of industry-wide exposure to the Heartbleed problem is unusual, but in our review to date of Verizon Wireless' (NYSE: VZ) external websites, we have found no evidence of any compromise," Verizon said in a statement. "Our investigation is ongoing, and we continue to work with our vendors as they complete their own assessments. We will respond to the results accordingly."

Similarly, AT&T Mobility (NYSE: T) said it "found no evidence that the Heartbleed vulnerability has been exploited in our infrastructure or service components. We'll continue to work with our vendors as they complete their own security assessments and provide updates to appropriate software. As always, we recommend customers carefully monitor their accounts and regularly change their passwords."

Sprint (NYSE: S) added that it had "not seen any impacts to our website or operations servicing our customers. We vigorously monitor our systems and we have a variety of security protocols and procedures in place to assess, monitor and prevent such impacts."

And T-Mobile US (NYSE:TMUS) said there "have been no impacts to T-Mobile's network or websites. We continue to monitor for the Heartbleed Bug."

Others in the wireless industry weighed in as well. For example, Boingo Wireless noted that it took its VPN servers offline "as soon as we learned that the SSL software on those servers was subject to the Heartbleed exploit. We have upgraded the SSL software, and the servers are now as good as new, without those pesky security flaws that make it possible for hackers to take something that didn't belong to them."

Verizon did note that it is "working with our device manufacturers to test and deploy patches to any affected wireless devices on our network running Android 4.1.1." Android users with devices running that older operating system are particularly vulnerable. "Our device manufacturers have confirmed that other wireless device operating systems are not affected," Verizon said. "We encourage our customers to check for and accept system updates on their wireless devices.  Customers who have rooted their wireless device or installed modified software should reset the device to factory settings and then check for and accept system updates."

Article updated April 23 with additional information from Boingo.

Suggested Articles

AT&T said its 5G service, for both consumers and businesses, is now live in 10 markets.

The FCC today voted unanimously to advance a proposal to reallocate the 5.9 GHz band to both unlicensed and C-V2X technologies.

Raymond James lowered its odds of the T-Mobile/Sprint deal getting approved from 85% to 55%.