As you’re probably already aware, the Heartbleed bug, a critical vulnerability, was recently discovered in OpenSSL, the software package used to implement encrypted connections by a majority of web servers and other online services. We thought it would be useful to provide a more detailed explanation of how the vulnerability works and how it can be used to access highly sensitive data like private keys and username/password combinations.
It’s worth noting that the vulnerability is not an issue with SSL itself, but rather with the specific implementation of that protocol found in OpenSSL, which is used by both the Apache and Nginx web servers, as well as many other vital components of the online ecosystem. In an earlier article, we asked whether SSL was broken in the light of revelations of surveillance by intelligence agencies. We concluded that the protocol itself was secure, but that weaknesses in the implementation could lead to vulnerabilities. The Heartbleed vulnerability is an excellent example of the sort of implementation weakness we were referring to.
The Heartbleed bug (officially known as CVE-2014-0160) is the result of a defect in OpenSSL’s implementation of the SSL protocol’s heartbeat function. The heartbeat function is a simple addition to the protocol that allows the machines involved in an SSL connection to send a message to each other requesting a response to verify that the other party is still available. Unfortunately, it’s possible to craft the heartbeat message so that the responding server will transmit the contents of a portion of its memory to the machine that sent the request.
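The missing check behind this behaviour, shown as an added example (a simplified model, not OpenSSL's code and not from the original article). It assumes the heartbeat layout from RFC 6520: a 1-byte type, a 2-byte payload length, the payload, and at least 16 bytes of padding. All function names and the sample buffer are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_PADDING = 16 };
/* Big-endian 16-bit payload length carried inside the message itself. */
static size_t claimed_len(const uint8_t *rec) { return ((size_t)rec[1] << 8) | rec[2]; }
/* Shared reply builder: echo n payload bytes behind a response header. */
static size_t echo(const uint8_t *rec, size_t n, uint8_t *out)
{
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, n);
    return HB_HEADER + n;
}

/* Model of the defect: rec_len (bytes actually received) is never consulted,
   so the copy can run past the record into whatever follows it in memory. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    (void)rec_len;
    return echo(rec, claimed_len(rec), out);
}

/* Hardened form: header + claimed payload + minimum padding must fit in the
   received record; anything else is silently discarded (returns 0). */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    if (HB_HEADER + claimed_len(rec) + HB_PADDING > rec_len) return 0;
    return echo(rec, claimed_len(rec), out);
}

/* Constructed demo: a 21-byte record (2-byte payload + 16 bytes padding)
   followed in the same buffer by a marker standing in for unrelated process
   memory. Returns how many marker bytes end up in the reply. */
size_t demo_marker_bytes_in_reply(uint16_t length_field, int checked)
{
    static const char marker[] = "CONSTRUCTED-MARKER";
    uint8_t mem[64] = {0}, out[HB_HEADER + 64] = {0};
    const size_t rec_len = 21, tail = rec_len - HB_HEADER;
    if (length_field > 36) return 0;            /* keep the demo inside mem[] */
    mem[0] = HB_REQUEST; mem[1] = (uint8_t)(length_field >> 8); mem[2] = (uint8_t)length_field;
    memcpy(mem + HB_HEADER, "hi", 2);
    memcpy(mem + rec_len, marker, sizeof marker - 1);
    size_t n = checked ? hb_reply_checked(mem, rec_len, out)
                       : hb_reply_unchecked(mem, rec_len, out);
    size_t body = n > HB_HEADER ? n - HB_HEADER : 0;   /* bytes echoed back */
    return (body > tail && memcmp(out + rec_len, marker, body - tail) == 0) ? body - tail : 0;
}
```

With a length field that matches the record, both functions behave identically; only when the field claims more than was received does the unchecked version return bytes that were never part of the request.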
The vulnerability is so serious because it allows an attacker access to information in RAM that may contain private keys and other critical data. With the private keys, an attacker could potentially decrypt all further communication with that server. Unlike Apple’s recent “goto” bug, Heartbleed doesn’t depend on a man-in-the-middle attack: anyone who knows about the vulnerability and has a bit of coding knowledge can connect to a vulnerable server and prompt it to give up the keys to the kingdom. In addition to private keys, a host of other information may be made available, including login data, credit card numbers, and other highly sensitive data.
The Heartbleed bug is particularly pernicious because it leaves behind no trace. It is impossible to tell whether a given server and its private keys have been exploited.
Because of the ubiquity of the vulnerable version of OpenSSL and the fact that it’s been in the wild for a couple of years, it’s entirely possible that malicious individuals knew about the exploit and have used it, which is why many online services are scrambling to change their private keys and prompting users to update their passwords. Most Linux distributions were vulnerable, including CentOS 6.5.
Fortunately, removing the vulnerability is fairly straightforward. Versions of OpenSSL from 1.0.1 to 1.0.1f are vulnerable. OpenSSL 1.0.1g is not vulnerable, and neither are the 1.0.0 branch and the 0.9.8 branch. Users of vulnerable versions should immediately update to the most recent version of OpenSSL.
Photo credits: Irina Patrascu