The startling password-spaffing vulnerability in OpenSSL affects far more than web servers, with everything from routers to smartphones also at risk.
The so-called “Heartbleed” vulnerability (CVE-2014-0160) can be exploited to extract information from the servers running vulnerable version of OpenSSL, and this includes email servers and Android smartphones as well as routers.
More ReadingCrimestoppers finally revamps weak crypto. Take your time guysAviva phone hacker jailed for 18 months over revenge attackVENOM virtual vuln proves less poisonous than first fearedDodgy Google, Yahoo! SSL certs nuked in Windows – finally'Heartbleed-based BYOD hack' pwns insurance giant Aviva's iPhones
Hackers could potentially gain access to private encryption key before using this information to decipher the encrypted traffic to and from vulnerable websites.
Web sites including Yahoo!, Flickr and OpenSSL were among the many left vulnerable to the megabug that exposed encryption keys, passwords and other sensitive information.
Preliminary tests suggested 47 of the 1000 largest sites are vulnerable to Heartbleed and that's only among the less than half that provide support for SSL or HTTPS at all. Many of the affected sites – including Yahoo! – have since patched the vulnerability. Even so, security experts – such as Graham Cluley – remain concerned.
Anatomy of a bug
OpenSSL is a widely used encryption library that is a key component of technology that enables secure (https) website connections.
The bug exists in the OpenSSL 1.0.1 source code and stems from coding flaws in a fairly new feature known as the TLS Heartbeat Extension. "TLS heartbeats are used as 'keep alive' packets so that the ends of an encrypted connection can agree to keep the session open even when they don't have any official data to exchange," explains security veteran Paul Ducklin in a post on Sophos' Naked Security blog.
The Heartbleed vulnerability in the OpenSSL cryptographic library might be exploited to reveal contents of secured communication exchanges. The same flaw might also be used to lift SSL keys.
This means that sites could still be vulnerable to attacks after installing the patches in cases where a private key has been stolen. Sites therefore need to revoke exposed keys, reissue new keys, and invalidate all session keys and session cookies.
Many routers and other forms of networking equipment use OpenSSL to secure mini web servers to run admin interface, leaving networking equipment vulnerable as a result.
Networking giant Cisco was quick to put out put out an advisory.
"Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server," the networking giant explains.
"Cisco is currently investigating its product line to determine which products may be affected by this vulnerability and the impact on the affected product. This advisory will be updated as additional information becomes available."
Stem the bleeding
A patch is available in OpenSSL 1.0.1g. Another option for resolving the vulnerability is to recompile the OpenSSL version in use to omit the vulnerable “heartbeat” extension.
Cloud security firm Qualys' SSL Labs service detects the OpenSSL “HeartBleed” vulnerability. Administrators responsible for the security of websites can access the free tool here.
“The HeartBleed vulnerability is easy to exploit and there are already many proof-of-concept tools available that one can use in minutes,” said Ivan Ristic, director of engineering at Qualys and renowned SSL technology expert. “After a successful attack, the attacker can obtain a large chunk of server memory, which can contain server private keys, session keys, passwords and other sensitive data. IT administrators need to map their exposure and install the patched version wherever necessary.”
The vulnerable Heartbleed code – committed at 22:59 on New Years Eve in 2011 – has given the interwebs a long-delayed but truly vile hangover. Questions are already being asked about how it remained undetected for so long and whether the vulnerability has actually been abused in attacks.
"A new feature was launched on the Net's critical attack surface and it wasn't audited immediately," said Dan Kaminsky, a security researcher most famous for discovering a DNS cache poisoning bug back in 2008 – previously considered among the worst internet flaws ever unearthed.
Some are already trying to draw lessons from the mess.
"This issue is a timely reminder that all software can contain security vulnerabilities," wrote Brian Honan, the infosec consultant who founded and heads up the Republic of Ireland's Computer Security Incident Response Team, in an edition of the SANS Institute NewsBites newsletter. "Simply because the source code of Open Source software can be reviewed by anyone does not mean they will know how to look for security vulnerabilities or indeed detect them."
All manner of attacks are possible as a result of the vulnerability.
"The 'Heartbleed' bug has epic repercussions since it affects one of the cryptographic suites that is used to run critical services on the Internet (OpenSSL 1.0.1)," explained Jaime Blasco, director at AlienVault Labs. "The bug permits an attacker to receive the contents of the server's memory, leading to compromise of critical information such as the digital keys that can be later used to decrypt communications or impersonate the real server."=
"By obtaining the memory of the server you can also access data such as username/passwords and even portions of the source code of the application running. The attack can be also combined with a Man-in-the-Middle attack to obtain credentials from the client before the server perform authentication," he added.
Vulnerable websites included Yahoo.com and OpenSSL.com among many others. Affected providers need to replace private keys and certificates after patching all OpenSSL services that rely on the vulnerable OpenSSL cryptographic library.
Mark Schloesser, security researcher at Rapid7, the developers of penetration-testing tool Metasploit, added: "The 'Heartbleed' SSL vulnerability affects widely deployed versions of the OpenSSL library which is used in the majority of software, including web-, email-, database- and chat-servers. It allows the attacker to read a portion of memory from the remote system without the need for any known credentials or other authentication forms.
"The leaked memory areas might contain a lot of different content, ranging from leftover data from previous communication over log messages, up to private key material employed by the service / daemon. For this reason, there are lots of possible attack scenarios that can result from the vulnerability.
"An attacker who gains access to the private key of the server certificate can subsequently mount man-in-the-middle attacks against clients and impersonate the server/service. Log messages might also contain credentials or affect the privacy of communications by other clients," he added.
OpenSSL 0.9.8 and 1.0.0 are still the most popular versions of the software on web servers, and these are not affected. "However we count at least a few hundred thousand servers using affected library versions so that it poses a significant threat," Schloesser warns.
"As the same problem affects other protocols / services such as mail servers and databases, we assume that overall we're looking at millions of vulnerable systems connected to the public internet.
"Affected systems get updated but that's just the start of security remediation. To mitigate against attacks resulting from leaked material, any SSL keys from affected systems should be replaced and revoked," he added.
A short video by Zulfikar Ramzan, CTO at cloud security services firm Elastica, explaining how the Heartbleed vulnerability works can be found here.
The newly established CERT UK security clearing house put out its first major advisory on Heartbleed.
A statement by developers of OpenSSL can be found here.
The whole security emergency has already spawned a xkcd funny featuring the tongue-in-cheek observation that at least pen and paper are not affected by the megavuln. ®