Heartbleed could harm a variety of systems

Apr 11, 2014 by Bree Fowler

It now appears that the "Heartbleed" security problem affects not just websites, but also the networking equipment that connects homes and businesses to the Internet.

A defect in the used by many websites and equipment makers have put millions of passwords, and other personal information at risk. The extent of the damage caused by Heartbleed isn't known. The threat went undetected for more than two years, and it's difficult to tell if any attacks resulted from it because they don't leave behind distinct footprints.

But now that the threat is public, there's a good chance hackers will try to exploit it before fixes are in place, says Mike Weber, vice president of the information-technology audit and compliance firm Coalfire.

Two of the biggest makers of , Cisco and Juniper, have acknowledged that some of their products contain the bug, but experts warn that the problem may extend to other companies as well as a range of Internet-connected devices such as Blu-ray players.

"I think this is very concerning for many people," says Darren Hayes, professor of security and computer forensics at Pace University. "It's going to keep security professionals very busy over the coming weeks and months. Customers need to make sure they're getting the answers they need."

Here's a look at what consumers and businesses should know about Heartbleed and its effects on networking devices.

— How is networking equipment affected?

Just like websites, the software used to run some networking equipment—such as routers, switches and firewalls—also uses the variant of SSL/TLS known as OpenSSL. OpenSSL is the set of tools that has the Heartbleed vulnerability.

As with a , hackers could potentially use the bug as a way to breach a system and gather and steal passwords and other sensitive information.

— What can you do?

Security experts continue to advise people and businesses to change their passwords, but that won't be enough unless the company that created the software in question has put the needed fixes in place.

When it comes to devices, this could take a while. Although websites can be fixed relatively quickly by installing a software update, makers will have to check each product to see if it needs to be fixed.

Both Cisco Systems Inc. and Juniper Networks Inc. continue to advise customers through their websites on which product is still vulnerable, fixed and unaffected. Owners may need to install software updates for products that are "fixed."

Hayes praises Cisco and Juniper for being upfront with customers. He cautions, though, that many other companies make similar products that likely have the bug, too, but haven't come forward to say so.

As a result, businesses and consumers need to check the websites for devices that they think could have problems. They must be diligent about installing any software updates they receive.

Weber says that while there are some checks companies can do to see if their networking equipment is safe, they're largely beholden to the device makers to let them know what's going on.

Companies also need to make sure that partners with access to their systems aren't compromised as well.

— Are other devices at risk?

Hayes says the bug could potentially affect any home device that's connected to the Internet, including something as simple as a Wi-Fi-enabled Blu-ray player.

He also points to recent advances in home automation, such as smart thermostats, security and lighting systems.

"We simply don't know the extent of this and it could affect those kinds of devices in the home," he says.

Explore further: Three things to do to protect from Heartbleed

3.3 /5 (6 votes)
add to favorites email to friend print save as pdf

Related Stories

Three things to do to protect from Heartbleed

Apr 11, 2014

The "Heartbleed" bug has caused anxiety for people and businesses. Now, it appears that the computer bug is affecting not just websites, but also networking equipment including routers, switches and firewalls.

What you need to know about the Heartbleed bug

Apr 09, 2014

Millions of passwords, credit card numbers and other personal information may be at risk as a result of a major breakdown in Internet security revealed earlier this week.

'Heartbleed' bug a critical Internet illness

Apr 11, 2014

The "Heartbleed" flaw in Internet security is as critical as the name implies and wider spread than first believed. Warnings about the danger exposed early this week reached widening circles on Thursday, with everyone from website o ...

Heartbleed bug find triggers OpenSSL security advisory

Apr 08, 2014

A flaw called Heartbleed in OpenSSL, which is a software library used for the protection and security of millions of websites, was uncovered by Neel Mehta of Google Security, who first reported it to the ...

Recommended for you

US probe links NKorea to Sony hacking

4 hours ago

A U.S. official says federal investigators have now connected the Sony Pictures Entertainment Inc. hacking to North Korea and are expected to make an announcement in the near future.

Sites stumble on to malware path with plugin exploit

Dec 16, 2014

The numbers were not pretty. Over 100,000 WordPress websites may have been infected with malware, once again proving that where there is widespread popularity, whether in operating systems or platforms or ...

Norway probes spy equipment found in central Oslo

Dec 15, 2014

Norwegian police said Sunday they have warned politicians about possible eavesdropping of cellphone calls after several listening devices were reportedly found in central Oslo, including near government buildings and Parliament.

Identity theft victims face months of hassle

Dec 14, 2014

As soon as Mark Kim found out his personal information was compromised in a data breach at Target last year, the 36-year-old tech worker signed up for the retailer's free credit monitoring offer so he would ...

Your info has been hacked. Now what do you do?

Dec 14, 2014

Criminals stole personal information from tens of millions of Americans in data breaches this past year. Of those affected, one in three may become victims of identity theft, according to research firm Javelin. ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.