The so-called ‘Heartbleed’ bug (CVE-2014-0160) was revealed by researchers from Finnish security firm Codenomicon and Google in a 7 April advisory. It compromises the OpenSSL security system used to protect many of the world's websites.
The bug, which has been in the wild for around two years, lets attackers steal what the researchers call the “crown jewels” – the website encryption keys which allow them to impersonate the administrators and steal any past and future traffic passing through the site.
The researchers say attackers can capture “anything worth encrypting”, including user passwords, financial details, emails and secret documents.
They explain: “We attacked ourselves from outside, without leaving a trace. We were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business-critical documents and communication.”
The flaw is called ‘Heartbleed’ because it comes from a programming mistake in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) ‘heartbeat’ extension. It affects websites using OpenSSL 1.0.1 through to version 1.0.1f.
Website administrators have been urged to upgrade to the newly released OpenSSL 1.0.1g which patches the bug.
Explaining how widespread the vulnerability is, the researchers say OpenSSL is used in Apache and nginx web servers. These host more than 500 million websites, according to net monitoring firm Netcraft, though it is unclear how many of these servers use the affected software versions.
The researchers say OpenSSL is also used to protect email servers (SMTP, POP and IMAP protocols), chat servers (XMPP protocol), virtual private networks (SSL VPNs), network appliances and a wide variety of client-side software.
Jaime Blasco, director of AlienVault Labs, said his firm has tested different websites and that, as an example, Yahoo.com is vulnerable to the attack.
Security expert Paul Stone, senior consultant at Context Information Security, confirmed the scale of the threat. He told SCMagazineUK.com via email: “This is an extremely serious vulnerability that affects a large portion of HTTPS-enabled web servers. It's much easier to exploit compared to other recent SSL/TLS-related vulnerabilities because it doesn't require a man-in-the-middle scenario; an attacker can connect directly to any web server running unpatched versions of the OpenSSL software and read portions of the server's memory.”
Kaspersky Lab senior researcher David Emm agreed, telling SCMagazineUK.com via email: “The existence of the CVE-2014-0160 vulnerability is clearly important. OpenSSL is widely used to secure internet-based communications – web, email, IM and VPN. If exploited, this vulnerability would allow an attacker to read the memory of vulnerable systems. They could intercept any sensitive information – including, but not limited to, user names and passwords, for example, in order to assume the identity of a website provider or its customers.”
Paul Stone added: “Since this attack is so easy to carry out and exploit code is already available, it is certain that sensitive data is being stolen from thousands of websites by skilled and unskilled attackers alike. Website operators should follow advice to patch their servers, update their encryption keys and monitor for compromised user accounts and data.
“The only slight upside is that the attacker has no control over what data is read – therefore, it is difficult to target a particular user's data or password using this attack.”
Tim (TK) Keanini, CTO of Lancope, said the whole issue was “a mess” and explained how badly users are affected.
He told SCMagazineUK.com via email: “This is one of the most major vulnerabilities to happen this year and it will be with us for quite some time as everyone who is vulnerable will need to remediate.
“Most if not all of the major websites are aware and have fixed this problem – that is not the major concern. The major concern is everyone else who is affected by this bug as it does not just apply to websites and most have no idea they are at risk.
“It is not easy for most people to know what version they are running and if this is built into a router or embedded device, chances are very slim they will ever know. The attacker will also leave no logs when they perform their attack. What a mess - and these messes are a normal part of the internet.”
The Codenomicon and Google researchers say intrusion detection and prevention systems (IDS/IPS) can be trained to detect use of the heartbeat request, by comparing the size of the request against the size of the reply. “Use of Perfect Forward Secrecy (PFS), which is unfortunately rare but powerful, should protect past communications from retrospective decryption,” they add.
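The size comparison described above can be sketched as follows (an added example, not code from the researchers or the article). It reads TLS record headers only, so it also applies when the heartbeat itself is encrypted; the function names, the `SLACK` tolerance and the sample flows are assumptions constructed for illustration.

```python
import struct

HEARTBEAT = 24   # TLS record content type assigned to heartbeat (RFC 6520)
SLACK = 64       # assumed tolerance in bytes for MAC/padding differences

def tls_records(stream: bytes):
    """Yield (content_type, length) for each complete TLS record in a byte stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            break                      # truncated capture: stop rather than guess
        yield ctype, length
        off += 5 + length

def oversized_replies(flow):
    """flow: [(direction, bytes)] in capture order, direction 'c2s' or 's2c'.

    Returns [(request_len, reply_len)] for every heartbeat exchange whose
    reply is larger than its request by more than SLACK bytes.
    """
    exchanges = []                     # one [request_len, reply_len] per request
    for direction, data in flow:
        for ctype, length in tls_records(data):
            if ctype != HEARTBEAT:
                continue
            if direction == "c2s":
                exchanges.append([length, 0])
            elif exchanges:
                exchanges[-1][1] += length   # a reply may span several records
    return [(req, rep) for req, rep in exchanges if rep > req + SLACK]

def record(ctype: int, body_len: int) -> bytes:
    """Constructed sample data: a TLS 1.2 record header plus a zero-filled body."""
    return struct.pack("!BHH", ctype, 0x0303, body_len) + bytes(body_len)

# Constructed flows: a normal keep-alive, then a reply far larger than its request.
BENIGN = [("c2s", record(22, 200)), ("s2c", record(22, 1200)),
          ("c2s", record(24, 48)), ("s2c", record(24, 48))]
SUSPECT = [("c2s", record(24, 32)),
           ("s2c", record(24, 16384) + record(24, 4000))]

if __name__ == "__main__":
    print("benign :", oversized_replies(BENIGN))
    print("suspect:", oversized_replies(SUSPECT))
```

Because the attack leaves no server-side logs, a check like this has to run on captured traffic or inline on a sensor.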
And they say one bright side is: “Although this is painful for the security community, we can rest assured that infrastructure of the cyber criminals and their secrets have been exposed as well.”
More details of fixes and patches for Heartbleed are provided by the US SANS security research organisation.