HTTPS is layered on top of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to enable a user to securely communicate with a website without tampering or monitoring from intermediate parties.
However, on April 7, 2014 a serious vulnerability (CVE-2014-0160) was uncovered within the TLS heartbeat extension in versions of OpenSSL that places the encrypted communication at risk. Attackers can leverage this bug to obtain the private keys from the webserver and use this information to decrypt and monitor communications that are taking place over SSL/TLS, exposing any sensitive data communicated by the user.
The 1.0.1 and 1.0.2-beta releases of OpenSSL are affected, including 1.0.1f and 1.0.2-beta1.
Scope of the vulnerability
Apache, which uses OpenSSL for HTTPS, is used by 66% of all websites according to netcraft.com. A study of the TLS heartbeat extension by Netcraft also identified that 17.5% of SSL sites may be vulnerable to the Heartbleed bug.
Is a patch available?
Yes - OpenSSL 1.0.1g was released on April 7, 2014 (https://www.openssl.org/source/).
Impact of the vulnerability
This vulnerability allows an attacker to extract memory contents from the webserver through the flaw in the heartbeat extension. As a result, an attacker may be able to access sensitive information such as the private keys used for SSL/TLS.
- Active Attack - Equipped with the private key, an attacker can silently monitor and decrypt communications between the user and the web server. As a result, an attacker could view private data such as passwords, credit card data, medical records and any other sensitive data the user exchanges with the website. In addition, the attacker could impersonate the target website to deliver fake, inaccurate or malicious data to the user.
- Offline Attack - Some well-funded attackers gather large amounts of encrypted data and store it in case they can later decrypt the information. Using the Heartbleed vulnerability, the attackers could decrypt this information if it was obtained when passed between a user and a vulnerable website. This means that sensitive data exchanged up to two years ago could also now be at risk of exposure to attackers. Note: sites implementing Perfect Forward Secrecy are protected against this particular attack.
Who might exploit this vulnerability?
In order to decrypt data exchanged between a user and a website, the attacker must have access to network devices along the communication path. This attack could most easily be launched by state actors or criminal enterprises operating in collusion with network operators. In addition, individual attackers could leverage this vulnerability to attack individuals using a shared wifi hotspot.
Can attacks be detected?
Unfortunately, no. An attacker exploiting this vulnerability will leave no trace within the webserver logs. As a result it is not possible to determine if vulnerable web sites have been exploited.
What should website owners do?
- Verify whether you are using a vulnerable version of OpenSSL.
- Upgrade OpenSSL as soon as possible.
- Reissue your security certificates for SSL/TLS. The vulnerability has been present for two years and there is no way to verify if your private key has been compromised as a result of this vulnerability. In addition, a compromised key would be used to silently monitor communications from your users and the attack would be undetectable. It is prudent to assume a breach and proactively reissue security certificates.
- Implement Perfect Forward Secrecy. This additional layer of security protects encrypted data from several potential attacks by using per-session random keys.
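
The four steps above can be applied per host from an inventory. The following is an added example, not part of the original article: the record schema (`banner`, `patched_on`, `cert_not_before`, `cipher`), the function names and the sample hosts are assumptions constructed for illustration.

```python
import re
from datetime import date

# Affected ranges as stated on this page: 1.0.1 through 1.0.1f and the
# 1.0.2-beta releases; 1.0.1g carries the fix.
VERSION_RE = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)(-beta\d*)?")

def version_affected(banner):
    """Classify `openssl version` output by its upstream version string.
    Distribution packages may backport the fix without changing this string,
    so confirm an "affected" result against the package changelog."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised banner: {banner!r}")
    base, letter, beta = m.groups()
    if base == "1.0.1":
        return letter < "g"       # "", "a" .. "f"
    if base == "1.0.2":
        return beta is not None   # only the beta releases are listed as affected
    return False

def forward_secret(cipher):
    """True for ephemeral (EC)DHE key exchange, using OpenSSL cipher names."""
    return cipher.startswith(("ECDHE-", "DHE-", "EDH-"))

def remediation(host):
    """Map one inventory record (hypothetical schema) to the owner steps above."""
    steps = []
    if version_affected(host["banner"]):
        steps.append("upgrade OpenSSL")
        steps.append("reissue certificate after upgrading")
    elif host["patched_on"] and host["cert_not_before"] < host["patched_on"]:
        # The key sat in memory while the host was vulnerable: assume a breach.
        steps.append("reissue certificate")
    if not forward_secret(host["cipher"]):
        steps.append("enable forward-secret cipher suites")
    return steps

# Constructed inventory records, not real hosts.
INVENTORY = [
    {"name": "web1", "banner": "OpenSSL 1.0.1f 6 Jan 2014", "patched_on": None,
     "cert_not_before": date(2013, 9, 1), "cipher": "AES256-SHA"},
    {"name": "web2", "banner": "OpenSSL 1.0.1g 7 Apr 2014", "patched_on": date(2014, 4, 8),
     "cert_not_before": date(2013, 9, 1), "cipher": "ECDHE-RSA-AES128-GCM-SHA256"},
    {"name": "web3", "banner": "OpenSSL 0.9.8y 5 Feb 2013", "patched_on": None,
     "cert_not_before": date(2013, 1, 15), "cipher": "DHE-RSA-AES256-SHA"},
]

if __name__ == "__main__":
    for h in INVENTORY:
        print(h["name"], remediation(h) or ["no action"])
```

A certificate whose issue date precedes the host's patch date is flagged even when the running version is fixed, because the key was in memory while the host was still vulnerable.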
What should users do?
Unfortunately there’s not much a user can do. If you have an account at one of the many large websites that may have been affected, you can proactively change your password just to be safe.
Which large websites were impacted?
A partial list of large websites that are impacted can be found here. This list includes websites such as yahoo.com, stackexchange.com, eventbrite.com, okcupid.com, suning.com, and squidoo.com.
What other concerns are there with this vulnerability?
The Heartbleed vulnerability allows an attacker to extract information within the webserver’s memory. As a result, a wide variety of information could be at risk including sensitive user or system data. In addition to placing webservers at risk, OpenSSL is also used by a variety of network appliances. These devices could be subjected to attack to extract sensitive information within memory.