Heartbleed Bug Can Also Affect Personal Devices, What You Can Do

This entry was posted by on .

OpenSSL: Are you patched?

We all heard and read news about the “Heartbleed” bug in OpenSSL on various websites. A common misperception is that the Heartbleed only affects “secure” web servers, and most websites have already been patched. Without many of us even being informed, this bug also affects our personal devices, including networking devices, home automation systems, smart phones, mobile apps, etc.

When the vendors of the majority of affected devices, services and apps will address this vulnerability is not known. Due to a wide number of devices and services that rely on OpenSSL, it is likely that not all of them will ever be patched. OpenSSL developers have now also received flak for the buggy codebase that is “beyond a fix”.

What can YOU do?

Along with changing your passwords to various websites, compile a list of servers you own, even ones hosted remotely and update the OpenSSL library. As for other affected devices, there’s really nothing you can do about your networking, cable boxes, home automation systems, video game services and mobile apps, aside from knowing that any data you send or receive is not secure.

PC Magazine is maintaining a list of possible networking devices which are affected, but this list by no means is complete. This is a good list for websites, and a simple tool to search if any other website is affected. A large number of phones are also affected.

What is the Heartbleed bug?

In laymen’s terms, the Heartbleed bug allows attackers to repeatedly access 64K of memory from any “secure website”. The bug exists in one of the methods used by OpenSSL, an open-source encryption standard, used by the vast majority of websites to send encrypted data to users.

Prebhdev Singh, Product Manager AlertEnterprise

LinkedIn / Twitter

One thought on “Heartbleed Bug Can Also Affect Personal Devices, What You Can Do

Comments are closed.