‘Heartbleed’ bug could badly hit internet, mobile services

11 Apr 2014


Hackers may be able to break into email systems, security firewalls and possibly mobile phones through the new 'Heartbleed' bug, according to US security experts.

The widespread bug surfaced late on Monday, when it was disclosed that a pernicious flaw in a widely used web encryption program known as OpenSSL opened hundreds of thousands of websites to data theft.

Developers rushed out patches to fix affected web servers when they disclosed the problem, which affected companies from Amazon.com and Google to Yahoo.

Yet pieces of vulnerable OpenSSL code can be found in plenty of other places, including email servers, ordinary PCs, phones and even security products such as firewalls. Developers of those products are scrambling to figure out whether they are vulnerable and patch them to keep their users safe.

An Intel spokesman declined comment, referring Reuters to a company blog that said: "We understand this is a difficult time for businesses as they scramble to update multiple products from multiple vendors in the coming weeks. The McAfee products that use affected versions of OpenSSL are vulnerable and need to be updated."

The Heartbleed vulnerability went undetected for about two years and can be exploited without leaving a trace, so experts and consumers fear attackers may have compromised large numbers of networks without their knowledge.

Companies and government agencies are now rushing to understand which products are vulnerable, then set priorities for fixing them. They are anxious because researchers have observed sophisticated hacking groups conducting scans of the internet this week in search of vulnerable servers.

Cisco Systems, the world's biggest telecommunications equipment provider, said on its website that it is reviewing dozens of products to see if they are safe.

It uncovered about a dozen that are vulnerable, including a TelePresence video conferencing server and a version of the IOS software for managing routers. A company spokesman declined to comment on how those issues might affect users, saying Cisco would provide more information as it became available.

Oracle has not posted such an advisory on its support site. Company spokeswoman Deborah Hellinger declined to comment on Heartbleed.

Microsoft, which runs a cloud computing and storage service and the Xbox platform and has hundreds of millions of Windows and Office users, said in a statement that "a few services continue to be reviewed and updated with further protections." It did not identify them.

Others like IBM, Hewlett-Packard, EMC and Dell have failed to make any comment.

Security experts said the vulnerable code is also found in some widely used email server software, the online browser anonymizing tool Tor and OpenVPN, as well as some online games and software that runs internet-connected devices such as webcams and mobile phones.
