Heartbleed: routers and phones also at risk, says security expert

Manufacturers must patch routers, video conferencing software and desktop phones, as scale of software vulnerability continues to grow

The Guardian
by Alex Hern
April 14, 2014

The recently uncovered “Heartbleed” bug exposes data to hackers. (Photograph: Pawel Kopczynski / Reuters)

Heartbleed, the software vulnerability in hundreds of thousands of web servers which laid their contents open to attackers, also affects consumer devices, security experts have warned.

Devices including smartphones, routers and cable boxes are all potentially affected, with risks ranging from data theft to attackers seizing control of the vulnerable device.

“Network-connected devices often run a basic web server to let an administrator access online control panels,” says Philip Lieberman, president of security firm Lieberman Software. “In many cases, these servers are secured using OpenSSL and their software will need updating.

“However, this is unlikely to be a priority. The manufacturers of these devices will not release patches for the vast majority of their devices, and consumers will patch an insignificant number of devices.”

Some manufacturers have confirmed that their devices are not affected. Belkin says that its routers, as well as those of its Linksys subsidiary, are safe: one range does use OpenSSL, the software which contains the Heartbleed vulnerability, but uses a version which predates the flaw.

But others are not so lucky. Networking giant Cisco has confirmed that a number of its products are vulnerable, including desktop phones, video conferencing hardware and VPN software. It is investigating a further 83 products for potential vulnerabilities.

Neither Netgear nor BT returned requests for comment, and have not spoken publicly about whether or not their devices are vulnerable.

For affected devices, operators are slowly releasing patches, which must be downloaded and installed. But many users will not apply the updates, warns Lieberman.

“The list of compromised devices is huge,” he says. “Most of the devices are not going to be patched because their users do not know how to do it since they bought a router or firewall, not OpenSSL (as far as they are concerned).

“Many of the devices are from manufacturers that are no longer supporting the previously shipped devices as a matter of policy and business model,” he adds. “What do you expect in the way of support when you buy a device or embedded system for less than $100 and the company is making $10.00?”

As with affected websites, users should not change passwords until they are sure the vulnerability has been fixed. The best way to be certain is to wait for the affected company to specifically say it is time to change passwords: examples of companies who have done so include Tumblr, Flickr, IFTTT and Dogecoin service DogeAPI.

SSL keys stolen

One potential avenue of hope was blocked off on Friday, when online services company CloudFlare confirmed that four people had successfully stolen SSL certificates from an affected server.

SSL is the basis of security online, and is the protocol that leads to browsers displaying a padlock icon to show that a given website is secure. One of the attacks that the Heartbleed vulnerability allows is theft of the private key for SSL, allowing an attacker to decrypt intercepted messages or impersonate the site.

Cloudflare had previously written that “we have reason to believe… that it may in fact be impossible” to steal the keys from their servers, in contrast to claims made by the researchers who uncovered the flaw. But the company issued a challenge to the outside world to prove them wrong, and four separate researchers managed to steal the information over the next 48 hours.

The result of the challenge underscores that it’s not enough for a site vulnerable to Heartbleed to fix the server: it also needs to treat the SSL key as stolen, and issue a new one. Cloudflare described the possibility of a stolen key as “the disaster scenario, requiring virtually every service to reissue and revoke its SSL certificates. Note that simply reissuing certificates is not enough, you must revoke them as well.”

Since the news of Heartbleed broke on April 6, more than 10,000 sites have revoked and re-issued their certificates, giving some idea of the scale of the problem.

Direct Link:  http://www.theguardian.com/technology/2014/apr/14/heartbleed-routers-phones-at-risk-security-expert

Heartbleed: 95% of detection tools ‘flawed’, claim researchers

Free web tools are not picking up the vulnerability, leaving consumer data exposed

The Guardian (UK)
by Tom Brewster
April 16, 2014

Tools designed to tackle high-profile Heartbleed bug have their own problematic bugs. (Photograph: Pawel Kopczynski / Reuters)

Some tools designed to detect the Heartbleed vulnerability are flawed and won’t detect the problem on affected websites, a cybersecurity consultancy has warned.

The Heartbleed flaw, which undermined the common security software for internet connections called OpenSSL, caused mass panic last week due to the ease with which it could be exploited to acquire passwords or encryption keys, potentially leaking sensitive personal data from popular consumer websites.

A deluge of tools then hit the internet promising to help people determine whether the web services they were using or hosting were affected. But 95% of the most popular ones are not reliable, according to London-based security consultancy and penetration testing firm Hut3.

‘Absolute panic’

“A lot of companies out there will be saying they’ve run the free web tool and they’re fine, when they’re not,” Hut3’s Edd Hardy told the Guardian. “There’s absolute panic. We’re getting calls late at night going ‘can you test everything’.”

Most of the tools checked by Hut3 rely on code designed to highlight the flaw created by developer Jared Stafford, which itself contained problematic bugs, said Hut3 penetration tester Adrian Hayter. These included tools created by major tech companies such as Intel-owned security firm McAfee and password management provider LastPass.

Hayter uncovered three problems with the Heartbleed checkers, which could lead to many sites remaining vulnerable while believing they were safe. One of the issues concerned compatibility with different versions of SSL (Secure Sockets Layer), the web encryption protocol affected by the Heartbleed flaw.

“The Heartbleed Checker is designed to work with common system configurations found in the wild,” said Raj Samani, CTO for Europe, the middle east and Asia at McAfee. “There have been reports of detection failure rates of around 2.8% due to these configurations. We were aware of the possibility and have provided a disclosure directly above our checker. We are continually reviewing and revising our code and technique.”

Joe Siegrist, CEO at LastPass, said: “Unlike all other tests, LastPass is not actually attempting to exploit the bug to test if it’s currently present – we’ve been unsure if that’s legal for a US entity to do.

“Our focus has been in ensuring people are updating/revoking their certificates, and that we’re reflecting what major organisations are saying about their exposure. Can you update or make a new certificate and keep the heartbleed bug in place? Sure, but that’s what all the other tests are for.”

Widespread consequences

“It is yet another symptom of the ‘hit the ground running’ approach that has characterised the response to this vulnerability,” said Rik Ferguson, vice president of security research at Trend Micro.

“The consequences are so widespread and the technology involved so arcane or invisible to the average user, that knee-jerk reactions and well-meaning advice have been offered up with little planning. From the initial Tumblr blog advising users to change all passwords everywhere ‘now’, before most of the vulnerable services would have been patched, to self-confessed ‘quick and dirty’ demonstration tools being incorporated into complete vulnerability scanning tools.”

“The key to success with protection and mitigation of Heartbleed is more haste, less speed – otherwise you may well be sitting in the comfortable haze of a false sense of security. Ignorance isn’t bliss, it’s dangerous.”

There are various versions of SSL and servers hosting websites can support some or all of them. If the server doesn’t support the version that the user machine selects, then it will respond by either dropping the connection or trying to use a different type of SSL which the server does support.

Herein lies the problem with the detection tools: in many of them, only one version, known as TLSv1.1, is checked. If the server being tested for Heartbleed doesn’t support TLSv1.1, it will either reject the connection or suggest another version. But the failed detectors do not check for another version and assume any server that does not provide a successful response is not vulnerable, said Hayter.

Similar problems lie in compatibility with “cipher suites”, the selections of algorithms used to set up a secure connection over the internet. “Once again, if the server does not support any of the cipher suites that the client sends, the connection will disconnect,” said Hayter.

Most of the tools he examined only told the server they supported about 51 cipher suites, when there are at least 318 cipher suites that could be used by a website. “Granted, most servers will support at least one of the ciphers in the list of 51, but there could be instances where a server does not support any of them, and in these cases, the server would respond with an error, which the scripts interpret as ‘not vulnerable’.”

The third bug was simpler: the tools had a time limit, so on slow internet connections some of them would stop while processing the server’s response. Again, this classified a server as not vulnerable, even when the partially downloaded response would have been enough to confirm the vulnerability, Hayter added.
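The three failure modes Hayter describes (version mismatch, cipher-suite mismatch, timeout on a partial reply) come down to one scanner-design mistake: a negotiation failure is recorded as a result instead of as no result. The Python below is an added example written for this page, not code from Hut3, McAfee, LastPass or any tool the article names. It parses a server's TLS reply, gives each of the three cases its own outcome, and runs the version and cipher-list fallback a robust checker needs against a constructed stand-in server. It stops at the ServerHello and does not test for the bug itself; every byte string and the `fake_server` function are constructed data, and the 51 and 318 cipher-list sizes are taken from the article.

```python
"""TLS handshake reply classifier for a vulnerability checker.

Added example for this page, not code from Hut3, McAfee, LastPass or the
Guardian. A version rejection, a cipher-suite rejection and a timeout on a
partial reply each get a distinct outcome, so none of them is recorded as
"not vulnerable". All byte strings and fake_server are constructed test data.
"""
import struct
from enum import Enum

CT_ALERT = 0x15               # record content type: alert
CT_HANDSHAKE = 0x16           # record content type: handshake
HS_SERVER_HELLO = 0x02        # handshake message type: ServerHello
ALERT_HANDSHAKE_FAILURE = 40  # RFC 5246: no acceptable parameters (e.g. no common cipher)
ALERT_PROTOCOL_VERSION = 70   # RFC 5246: offered version not supported
TLS_VERSIONS = {(3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
NARROW_CIPHER_LIST = 51       # list size most tools offered, per the article
WIDE_CIPHER_LIST = 318        # size of the full list the article mentions


class Outcome(Enum):
    SERVER_HELLO = "handshake started; the vulnerability test can proceed"
    RETRY_VERSION = "server rejected the protocol version; try another"
    RETRY_CIPHERS = "server rejected the cipher list; offer a wider one"
    INCONCLUSIVE = "no usable answer; must not be reported as not vulnerable"


def parse_records(data):
    """Split raw bytes into TLS records (type, version, body).
    A truncated trailing record is kept as None so the cut stays visible."""
    records, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 5:
            records.append(None)  # header cut short
            break
        ctype, major, minor, length = struct.unpack("!BBBH", data[pos:pos + 5])
        body = data[pos + 5:pos + 5 + length]
        if len(body) < length:
            records.append(None)  # body cut short
            break
        records.append((ctype, (major, minor), body))
        pos += 5 + length
    return records


def classify(data, timed_out=False):
    """Map a server reply to an Outcome plus a short reason string."""
    complete = [r for r in parse_records(data) if r is not None]
    if not complete:
        why = "timed out before a full record arrived" if timed_out else "closed without data"
        return Outcome.INCONCLUSIVE, why
    ctype, _, body = complete[0]
    if ctype == CT_ALERT and len(body) >= 2:
        desc = body[1]  # body[0] is the alert level
        if desc == ALERT_PROTOCOL_VERSION:
            return Outcome.RETRY_VERSION, "alert protocol_version"
        if desc == ALERT_HANDSHAKE_FAILURE:
            return Outcome.RETRY_CIPHERS, "alert handshake_failure"
        return Outcome.INCONCLUSIVE, f"alert {desc}"
    if ctype == CT_HANDSHAKE and len(body) >= 6 and body[0] == HS_SERVER_HELLO:
        # ServerHello: type(1) length(3) server_version(2) ...; a complete
        # ServerHello is enough even if later records were cut off by a timeout.
        negotiated = TLS_VERSIONS.get((body[4], body[5]), "unknown")
        return Outcome.SERVER_HELLO, f"negotiated {negotiated}"
    return Outcome.INCONCLUSIVE, f"unexpected record type {ctype:#04x}"


def alert(desc, version=(3, 1)):
    """Constructed fatal alert record carrying the given description."""
    return bytes([CT_ALERT]) + bytes(version) + b"\x00\x02\x02" + bytes([desc])


def server_hello(version):
    """Constructed minimal ServerHello: zero random, empty session id,
    cipher suite 0x002f, null compression."""
    hs = bytes([HS_SERVER_HELLO, 0, 0, 38]) + bytes(version) + bytes(32) + b"\x00\x00\x2f\x00"
    return bytes([CT_HANDSHAKE]) + bytes(version) + struct.pack("!H", len(hs)) + hs


def fake_server(client_version, cipher_count):
    """Constructed stand-in: speaks only TLSv1.0 and accepts no suite from the
    narrow list, so a one-version, 51-suite tool would call it not vulnerable."""
    if client_version != (3, 1):
        return alert(ALERT_PROTOCOL_VERSION)
    if cipher_count <= NARROW_CIPHER_LIST:
        return alert(ALERT_HANDSHAKE_FAILURE)
    return server_hello(client_version)


def negotiate(server, versions=((3, 3), (3, 2), (3, 1))):
    """Fallback loop a robust checker needs: walk the versions newest first,
    widen the cipher list on handshake_failure, and only then stop."""
    trail = []
    for version in versions:
        cipher_count = NARROW_CIPHER_LIST
        while True:
            outcome, _ = classify(server(version, cipher_count))
            trail.append((TLS_VERSIONS[version], cipher_count, outcome))
            if outcome is Outcome.RETRY_CIPHERS and cipher_count < WIDE_CIPHER_LIST:
                cipher_count = WIDE_CIPHER_LIST
                continue
            break
        if outcome is not Outcome.RETRY_VERSION:
            return outcome, trail
    return Outcome.INCONCLUSIVE, trail
```

Calling `negotiate(fake_server)` returns `Outcome.SERVER_HELLO` after four attempts (TLSv1.2 and TLSv1.1 rejected, TLSv1.0 rejected with 51 suites, accepted with 318), which is the path a single-version, narrow-list tool never takes. The design point is the `INCONCLUSIVE` state: a checker that only has "vulnerable" and "not vulnerable" has nowhere to put a dropped connection, so it silently picks the reassuring one.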

Given the panic around Heartbleed, with many prematurely being told to change passwords for all web services, even before those sites had been fixed, the latest findings will do nothing to appease the confusion. Hut3 has created its own tool which it believes could help alleviate some of the pain.

Direct Link:  http://www.theguardian.com/technology/2014/apr/16/heartbleed-bug-detection-tools-flawed

Tor anonymity network to shrink as a result of Heartbleed flaw

PC WORLD
by Lucian Constantin
April 17, 2014

The Tor Project has flagged 380 Tor relays vulnerable to the critical Heartbleed flaw to be rejected from the Tor anonymity network, reducing the network’s entry and exit capacity.

The decision has already been implemented on a Tor directory authority—a server that maintains a list of Tor relays—controlled by Roger Dingledine, the Tor Project leader, and is likely to be followed by other directory authority operators.

The 380 relays flagged for rejection are trusted entry relays, also known as guards, and exit relays. As a result, the immediate impact of this decision would be a 12 percent reduction in the network’s guard and exit capacity, Dingledine said Wednesday in an email sent to the tor-relays mailing list.

Traffic from clients typically flows through the Tor network in three hops. The first hop is through a guard relay and the final hop, before the traffic is returned on the Internet to reach its intended destination, is through an exit relay.

Twelve percent might not sound like much, but guard and exit relays play an important role on the network and are not easy to replace. Many relays are run by volunteers, but they need to be trusted and need to have enough bandwidth at their disposal to handle traffic from multiple clients.

“I thought for a while about taking away their Valid flag rather than rejecting them outright, but this way they’ll get notices in their logs,” Dingledine said.

Tardy patches seem to be the reason

It seems that the ban might be permanent. Dingledine said that he wouldn’t want those relays back on the Tor network even if they upgraded their versions of OpenSSL because their operators didn’t patch the flaw in a timely manner.

The Heartbleed vulnerability was announced on Apr. 7 and affects versions 1.0.1 through 1.0.1f of OpenSSL, a library that implements the TLS (Transport Layer Security) encrypted communication protocol and which is used by many operating systems, web servers, browsers and other desktop and mobile applications.

The flaw allows attackers to extract information from the memory of an application that relies on OpenSSL for TLS communications, whether that application acts as a client or a server.

Both the Tor client and the relay software are potentially vulnerable if the OpenSSL library on the underlying OS is not updated.

“Tor relays and bridges could maybe be made to leak their medium-term onion keys (rotated once a week), or their long-term relay identity keys,” Dingledine wrote in a blog post last week after the Heartbleed flaw was announced.

“An attacker who has your relay identity key, has your onion key, and can intercept traffic flows to your IP address can impersonate your relay (but remember that Tor’s multi-hop design means that attacking just one relay in the client’s path is not very useful). In any case, best practice would be to update your OpenSSL package, discard all the files in keys/ in your DataDirectory, and restart your Tor to generate new keys.”
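Dingledine's three operator steps (update OpenSSL, discard the files in keys/, restart Tor) as an added shell example, not code from the article or from the Tor Project. The version check covers the 1.0.1 through 1.0.1f range the article names; the DataDirectory default `/var/lib/tor`, the service name `tor` and the `TOR_HEARTBLEED_APPLY` switch are assumptions of this example and should be taken from your own torrc and init system.

```sh
#!/bin/sh
# Added example, not the article's or the Tor Project's code. It checks an
# `openssl version` string against the range the article names as affected
# (1.0.1 through 1.0.1f) and, only when explicitly asked, carries out the
# operator steps quoted above: stop the relay, set the old keys/ aside and
# restart so Tor generates fresh keys. The DataDirectory default below
# (/var/lib/tor) is an assumption; take it from your torrc.

# True (exit 0) when the version token is 1.0.1 .. 1.0.1f, for input like
# "OpenSSL 1.0.1e 11 Feb 2013". Anything else, LibreSSL included, is false.
openssl_version_affected() {
    ver=${1#OpenSSL }      # drop the product name
    ver=${ver%% *}         # keep only the version token
    case "$ver" in
        1.0.1|1.0.1[a-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# Rotate a relay's keys after OpenSSL has been updated. The old directory is
# moved aside rather than deleted so the previous fingerprint can still be
# looked up; remove it once the relay is confirmed healthy.
rotate_tor_keys() {
    datadir=${1:-/var/lib/tor}
    if [ ! -d "$datadir/keys" ]; then
        echo "no keys/ directory under $datadir" >&2
        return 1
    fi
    stamp=$(date +%Y%m%d%H%M%S)
    systemctl stop tor 2>/dev/null || service tor stop || return 1
    mv "$datadir/keys" "$datadir/keys.pre-heartbleed.$stamp" || return 1
    systemctl start tor 2>/dev/null || service tor start || return 1
    echo "old keys moved to $datadir/keys.pre-heartbleed.$stamp; Tor will create new ones"
}

# Nothing below runs unless TOR_HEARTBLEED_APPLY=1, so the functions can be
# sourced and checked without touching a live relay.
if [ "${TOR_HEARTBLEED_APPLY:-0}" = "1" ]; then
    if openssl_version_affected "$(openssl version 2>/dev/null)"; then
        echo "OpenSSL is still in the affected range; update it before rotating keys" >&2
        exit 1
    fi
    rotate_tor_keys "${TOR_DATADIR:-/var/lib/tor}"
fi
```

Two caveats for anyone adapting this. Distributions that backport security fixes keep the upstream version token (a patched Debian build still reports 1.0.1e), so the version string alone is not conclusive there; check the package changelog or the vendor advisory instead. And because the relay identity key lives in keys/, discarding it changes the relay's fingerprint: the relay re-enters the consensus as a new one and has to earn its flags again, which is the price of not trusting a key that may have been read out of memory.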

In addition to the 380 guard and exit relays that have been banned already there are over 1,000 other relays that are also vulnerable and should be added to the rejection list at some point soon, Dingledine said.

Direct Link:  http://www.pcworld.com/article/2145280/tor-anonymity-network-to-shrink-as-a-result-of-heartbleed-flaw.html