
Heartbleed Bug in OpenSSL

James F. Carter <jimc@math.ucla.edu>, 2014-04-09

Heartbleed is an exploitable bug in the OpenSSL encryption package. It was discovered independently and nearly simultaneously by teams at Google Security and at Codenomicon. It was reported and assigned the identifier CVE-2014-0160. It affects the version of OpenSSL normally deployed by UNIX distros, and has been present but unrecognized for over two years. A fix has been prepared and sent out by all the major distros, and UCLA-Mathnet has installed this fix.

When two computers connect using SSL/TLS encryption, as in the HTTPS web protocol, either partner can send an "are you alive" query (heartbeat) containing identifying information, which the other partner is supposed to return. However, an evil partner can lie about the length of the identifier. OpenSSL failed to notice a length greater than the packet size, and would send material from its own memory following the end of the packet. This material would be trash, i.e. data that was recently used but is no longer in use.
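The length check described above, as an added example in C (not OpenSSL's code or its actual patch): a simplified heartbeat handler, using the RFC 6520 message layout, that discards any request whose claimed payload length exceeds the bytes actually received. The name `hb_respond`, the constants and the sample messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte payload length */
#define HB_MIN_PAD  16  /* minimum padding required by RFC 6520 */

/* Hypothetical helper: builds the reply to heartbeat `msg` (msg_len bytes
 * actually received) in `out`. Returns reply length, or 0 if discarded. */
size_t hb_respond(const uint8_t *msg, size_t msg_len,
                  uint8_t *out, size_t out_cap)
{
    if (msg_len < HB_HEADER + HB_MIN_PAD || msg[0] != HB_REQUEST)
        return 0;

    /* Payload length as claimed by the sender (big-endian). */
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];

    /* The bounds check: the claimed payload must fit inside the bytes
     * actually received. Without it, the memcpy below reads past the
     * end of msg and returns unrelated memory to the peer. */
    if (claimed > msg_len - HB_HEADER - HB_MIN_PAD)
        return 0;

    size_t reply_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (reply_len > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = msg[1];
    out[2] = msg[2];
    memcpy(out + HB_HEADER, msg + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD); /* zeros for brevity; RFC 6520 uses random padding */
    return reply_len;
}

int main(void)
{
    /* Constructed samples: honest 5-byte payload; 20-byte message claiming 0x4000. */
    uint8_t honest[24] = {HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    uint8_t lying[20]  = {HB_REQUEST, 0x40, 0x00, 'x'};
    uint8_t out[64];
    printf("honest -> %zu bytes\n", hb_respond(honest, sizeof honest, out, sizeof out));
    printf("lying  -> %zu bytes\n", hb_respond(lying, sizeof lying, out, sizeof out));
    return 0;
}
```

The honest request is echoed in full; the request whose length field exceeds what was received is dropped without a reply.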

Like any trash, the returned information is sometimes valuable and recognizable, although it requires significant hand labor to turn into a fraudulent business transaction. The Codenomicon team attacked their own servers and recognized their users' login names and passwords, the non-public pages protected by the SSL/TLS connections, and the host key of their own server. Using the host key, the attacker could create a webserver that could identify itself as the victim and be believed. (But additional difficult exploits are needed to get fleeceable sheep to make connections to the fake server.)

Earlier, there were no reports that Heartbleed had been used as part of an actual fraud scheme, either evil clients harvesting secrets from a server, or evil servers snooping on clients. However, the more likely possibility involves a national security context. Update: Ram Sripracha has passed on reports that Black Hats are actively using the Heartbleed exploit.

So what should our users do to respond to Heartbleed?

Doomsayers are echoing reports that internet security is totally compromised. The Heartbleed bug is an example where a layered response is appropriate. In theory, every secret could be extracted from a victim machine. In practice, the information will be in fragments and not necessarily complete, and a lot of patience and hand labor will be needed to identify and reassemble the secrets, and then to turn them into a successful fraud. Black Hats are using the Heartbleed exploit, but it's not clear how much or on which servers, so a prudent but not panic-stricken response is appropriate, such as changing passwords.

National security targets need to be particularly conscientious when responding to Heartbleed.

Web resources: