Heartbleed and the Internet of Things

May 2, 2014

Heartbleed and the Internet of Things

Semiconductor Engineering, By Ernest Worthman

Heartbleed is not a country and western song, but many wish it were. It’s a programming glitch with the potential to cause disastrous and widespread compromises on seemingly secure data.

By some estimates, the flaw in the heartbleed code has allowed hackers to collect personal data, including passwords, undetected, for as long as two years. Exactly how much data has been breached, and what the total damage will be, is still under assessment, but the media hype suggests it is substantial. Moreover, one has to wonder if this glitch may be connected to the recent data compromises at Target and other organizations. Fortunately, the fix is out, but it may take a while for everyone to apply it to their systems.

What makes this “bug,” for lack of a better term, so dangerous is that it is not some super-complex, self-morphing, Mensa-level, mega virus. In fact, it is not really a virus or bug at all. It simply exploits a somewhat overlooked programming mistake in the “heartbleed” part of certain versions of OpenSSL.

In this case the code vulnerability allows anyone on the Internet to read the memory of the systems running vulnerable versions of the OpenSSL software. The fix, according to Dmitry Bestuzhev, head of the research center, Kaspersky Lab Latin America, is quite simple and is included in the OpenSSL 1.0.1g version. Read more.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Heartbleed and the Internet of Things

Heartbleed and the Internet of Things

About Kaspersky

Related Articles Press Releases

Kaspersky Lab Joins Forces with Merchant Risk Council to Help Combat eCommerce Fraud

Kaspersky Lab North America Recognized on CRN’s 2018 Security 100 List

Kaspersky Lab North America Releases its Inaugural Corporate Social Responsibility Report

Kaspersky Lab Appeals U.S. Department of Homeland Security Debarment

Poor Security Practices put Cloud-Driven Business Growth and Cost Savings at Risk

Kaspersky Lab Story of the Year 2017: More Than One Quarter of Ransomware Attacks Target Businesses

Kaspersky Lab Survey: IT Security Experts Uncertain on How to Combat Targeted Attacks

Kaspersky Lab Creates Pop-Up Shop Experience Using New Currency to Showcase the Value of Personal Data

Kaspersky Lab Enters Endpoint Detection and Response Market with New Solution

Kaspersky Lab North America Champions National Cyber Security Awareness Month 2017