Heartbleed bug – it has scarred IoT but the question is, how deep?

A huge question mark hangs over the adverse effect of the newly discovered OpenSSL flaw, popularly known as the “Heartbleed virus”, on the Internet of Things (IoT) and Machine-to-Machine (M2M) communications.

The security bug is likely to affect about two-thirds of websites and has sent a wave of panic across the web, among users and companies alike, as they go about understanding and tackling this new threat. Needless to say, many systems are vulnerable to the flaw, and experts now believe that these are unlikely to get fixed in a hurry.

The Heartbleed Bug is a serious vulnerability in the OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

Some experts are of the opinion that the IoT world is especially susceptible, since companies are not going to upgrade in a hurry, leaving systems untouched on the web.

OpenSSL, in which the bug, known as Heartbleed, was found, is widely used in software that connects devices in homes, offices, and industrial settings to the Internet. The Heartbleed flaw could live on for years in devices like networking hardware, home automation systems, and even critical industrial-control systems, because they are infrequently updated.

Writing in the MIT Technology Review, Timothy Simonite said network-connected devices often ran a basic web server to let an administrator access online control panels. In many cases, these servers were secured using OpenSSL and their software would still need updating, he said, quoting Philip Lieberman, President of security company Lieberman Software. However, this was unlikely to be a priority.

So, let's say a malicious attacker wanted to get hold of the password to your bank account: he now has the option of a device exposed to the Heartbleed bug. Even if a business fixed the bug on its website, the bug could still remain on a device such as a wireless router, and hackers could break into the device and make off with the banking password.

So the real question that begs an answer is – how vulnerable is the IoT going to be, post-Heartbleed?

Image Credit: Heartbleed.com
