Monday afternoon, the IT world got a very nasty wakeup call, an emergency security advisory from the OpenSSL project warning about an open bug called "Heartbleed." The bug could be used to pull a chunk of working memory from any server running their current software. There was an emergency patch, but until it was installed, tens of millions of servers were exposed. Anyone running a server was suddenly in crisis mode.
Letting attackers listen in on data traffic
If the "Heartbleed" name sounds dramatic, this bug seems to live up to the hype. It’s already far worse than the GoToFail bug that embarrassed Apple earlier this year, both by the scale of computers affected and the depth of the breach. The new bug would let attackers pull the private keys to the server, letting attackers listen in on data traffic and potentially masquerade as the server. Even worse, it’s old: the bug dates back two years, and it's still unclear how long anyone's known about it.
As many as two out of three servers on the web rely on OpenSSL
OpenSSL isn't widely known outside of the coding world, but as many as two out of three servers on the web rely on its software. The sudden reveal means anyone involved is now scrambling for a fix. Already, Yahoo has been exposed by the bug, and experts have advised any Yahoo users to steer clear of their accounts until the company has time to update their servers. (A Yahoo representative tells The Verge the core sites are now patched, although the team is still working to implement the fix across the rest of the site.) Dozens of other smaller companies have also reportedly been affected, including Imgur, Flickr, and LastPass (although LastPass says no unencrypted data was exposed). "It is catastrophically bad, just a hugely damaging bug," says ICSI security researcher Nicholas Weaver.
Discovered by Google researcher Neel Mehta, the bug allows an attacker to pull 64k at random from a given server's working memory. It's a bit like fishing — attackers don't know what usable data will be in the haul — but since it can be performed over and over again, there's the potential for a lot of sensitive data to be exposed. The server's private encryption keys are a particular target, since they're necessarily kept in working memory and are easily identifiable among the data. That would allow attackers to eavesdrop on traffic to and from the service, and potentially decrypt any past traffic that had been stored in encrypted form.
"You might want to stay away from the internet entirely for the next few days while things settle."
For most privacy tools relying on OpenSSL, the takeaway is catastrophic. A blog post from the Tor Project told users, "if you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle." In many cases, a few days may not be enough. It will give services time to patch their servers, but if any private keys were compromised before the patch went up, it would give attackers free rein in the months to come. Servers can reset their certificates, but it's slow and expensive, and experts suspect many of them may simply assume the patch is enough. "I bet that there will be a lot of vulnerable servers a year from now," Weaver says. "This won't get fixed."
"This won't get fixed."
Apple, Google and Microsoft appear to be unaffected, along with the major e-banking services. Yahoo, on the other hand, was affected and leaking user credentials for a significant portion of the day before its core sites were fixed. More generally, any server running OpenSSL on Apache or Nginx will be affected, which implicates a huge variety of everyday websites and services.
For now, there are a few ways users can tell which services are safe — but the news isn't reassuring. This site, built by developer Filippo Valsorda, offers a spot-check as to which services are currently unpatched, but the site's code is also producing false negatives, so it shouldn't be taken as definitively ruling anything out. Any patched server will also need to generate new SSL certificates to make sure attackers can't use keys that were exposed in the breach. To check, use an SSL tracker like this one and look for a certificate's "issued on" date, which should be dated after the recent patch. Resetting the certificates will take time and money, but if a compromised site keeps using a compromised certificate, they'll be leaving themselves open to an attack.
"These are really subtle bugs."
It’s still early to tell what larger changes will be made as a result of the breach, but some lessons are already clear. Despite the vast infrastructure relying on OpenSSL, the open-source project is comparatively underfunded, and some experts have already called for more donations to the project to prevent vulnerabilities like Heartbleed from slipping through the cracks. Perfect Forward Secrecy could also have limited the damage from the bug, preventing decryption after the fact.
But the most troubling lesson might be how hard vulnerabilities are to discover, and how damaging they can be once fully revealed. "These are really subtle bugs," Weaver says. "You might detect it if you ran it through a memory checker, but this is not the kind of thing that just shows up looking at the code." That’s a credit to Google, who was rigorous enough to discover the bug — but for anyone relying on secure software, it’s a troubling thought.
Update April 8th, 3:54PM EST: Updated to reflect a statement from Yahoo: "Our team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr) and we are working to implement the fix across the rest of our sites right now."