The list of products and sites affected by the OpenSSL heartbleed vulnerability continues to grow, and as security teams implement the patch and dig into the thornier work of revoking certificates, a new problem is emerging: It’s difficult to know whether an attacker has exploited the vulnerability on a given system.
The nature of the vulnerability in OpenSSL is such that an attacker can exploit the vulnerability without the site operator knowing. The flaw lies in the way that the OpenSSL library handles the heartbeat extensions for TLS and it exists in many versions of the software. OpenSSL is deployed on a huge number of sites, roughly two-thirds of the Web by some estimates, and although the OpenSSL Foundation has released a fixed version, it could be some time before the majority of sites are patched.
Experts say that the ambiguity surrounding exploitation of the OpenSSL vulnerability adds an unwelcome layer to an already troubling security problem.
“It’s a nightmare vulnerability, since it potentially leaks your long term secret key — the one that corresponds with your server certificate. Worse, there’s no way to tell if you’ve been exploited. That means the prudent thing to do now is revoke your certificate and get a new one. We’ll see how many people do that,” said cryptographer Matthew Green, a professor at Johns Hopkins University.
Officials at Mozilla acknowledged this quandary in their advisory on the heartbleed vulnerability, which affected some of the organization’s systems running Firefox Persona and Firefox Accounts. Those systems run on Amazon Web Services using OpenSSL.
“Because these TLS connections terminated on Amazon ELBs instead of the backend servers, the data that could have been exposed to potential attackers was limited to data on the ELBs: TLS private keys and the plaintext contents of encrypted messages in transit,” Sid Stamm, senior manager of security and privacy engineering at Mozilla, said in a blog post.
“We have no evidence that any of our servers or user data has been compromised, but the Heartbleed attack is very subtle and leaves no evidence by design. At this time, we do not know whether these attacks have been used against our infrastructure or not. We are taking this vulnerability very seriously and are working quickly to validate the extent of its impact.”
The way that the OpenSSL heartbleed vulnerability works, an attacker who successfully exploits the bug can read up to 64KB of memory from a vulnerable machine, per request. Depending upon the circumstances, the attacker may be able to retrieve a server’s private key or other sensitive data.
Researchers have confirmed that Android devices running versions 4.1.0 and 4.1.1 also are vulnerable. The heartbeat extension was disabled in Android 4.2.
Image from Flickr photos of Lauren Coolman.