WHY A HEARTBLEED ATTACK IS DANGEROUS FOR YOU

This article explains what a Heartbleed attack is, how it works, and how to protect yourself against this vulnerability.

AUTHOR BIO

Khushal Kaushik is the founder & CEO of LISIANTHUS TECH, and a cyber security specialist and ethical hacker, with a grade in Computer Science and 12 computer certifications such as MCP, MCTS and DIGITAL FORENSIC, to name a few. He has been operating in the IT industry for the last four years and has extensive experience in Cyber Security and Cyber Forensic. He has been involved in a number of projects on web security vulnerability, hospital management, insecure cryptography storage, web protection and many more.

WHAT IS HEARTBLEED

The Heartbleed bug is a programming flaw in OpenSSL, the software that many websites use to protect your sensitive information. This means that if someone can access an SSL-protected site with this vulnerability, he could access your account information and anything else that is protected by SSL. If a site has been affected by the Heartbleed bug, it means that the user account information has been exposed. The account information includes usernames, passwords, credit card details, and more.

A Heartbleed attack allows a hacker to pull out 64K of random data living in the active memory of the targeted systems. A hacker could also decrypt the traffic between a client and a server. According to my own test, many websites are vulnerable to this attack. You have to update your SSL certificate and change all the passwords that could be affected. The real question is whether or not someone deliberately inserted this bug into OpenSSL, which now provides him with two years of unfettered access to everything.
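To show where the 64K figure comes from, here is an added example (not code from the original article or from OpenSSL): a heartbeat request carries a 16-bit payload-length field (RFC 6520), and a responder that trusts that field rather than the number of bytes actually received echoes back whatever sits next to the request in memory. The function names, the simulated memory buffer and its contents are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* 1-byte type + 2-byte payload length (RFC 6520) */
#define HB_PADDING 16  /* minimum padding the RFC requires after the payload */

/* Constructed stand-in for server memory: a 7-byte heartbeat record that
 * claims a 32-byte payload, followed by unrelated data stored next to it. */
static const uint8_t sim_mem[] =
    "\x01\x00\x20" "ping" "user=alice;password=constructed-example";
#define BAD_REC_LEN 7   /* bytes the peer actually sent */

/* Constructed well-formed record: 4-byte payload plus 16 bytes of padding. */
static const uint8_t good_rec[] = "\x01\x00\x04" "ping" "0123456789abcdef";
#define GOOD_REC_LEN 23

static size_t claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];  /* 16-bit field: up to 65535 */
}

/* Flawed logic: trusts the claimed length. mem_len only bounds this
 * simulation so the demo stays memory-safe; the real bug had no such limit. */
int respond_unchecked(const uint8_t *mem, size_t mem_len, uint8_t *out, size_t cap) {
    size_t n = claimed_len(mem);
    if (n > mem_len - HB_HEADER) n = mem_len - HB_HEADER;
    if (n > cap) n = cap;
    memcpy(out, mem + HB_HEADER, n);
    return (int)n;
}

/* Hardened logic: silently discard unless header + claimed payload + padding
 * fits inside the record that was actually received. */
int respond_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap) {
    if (rec_len < HB_HEADER + HB_PADDING) return -1;
    size_t n = claimed_len(rec);
    if (HB_HEADER + n + HB_PADDING > rec_len || n > cap) return -1;
    memcpy(out, rec + HB_HEADER, n);
    return (int)n;
}

int main(void) {
    uint8_t out[64];
    int n = respond_unchecked(sim_mem, sizeof sim_mem, out, sizeof out);
    printf("unchecked: echoed %d bytes, %d of them not sent by the peer\n", n, n - 4);
    printf("checked, short record: %d\n", respond_checked(sim_mem, BAD_REC_LEN, out, sizeof out));
    printf("checked, valid record: %d\n", respond_checked(good_rec, GOOD_REC_LEN, out, sizeof out));
    return 0;
}
```

The unchecked responder returns the 4 bytes that were sent plus 28 bytes of neighbouring data; the checked responder discards the same record and still answers the well-formed one.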

WHY IS IT DANGEROUS FOR YOUR ANDROID DEVICE

If your device is running on a version of Android that uses an affected version of OpenSSL, your data may be vulnerable. My research found that the affected Android versions only make up a small amount of the overall Android system. Apple doesn’t run its mobile operating system on OpenSSL, so there is no need to worry about iOS, and since Android has also provided an updated version, it is safer.

It is possible that these phones fall into that category, leaving users unable to update to a newer and safer version of Android. According to my own test, the hardware in these Android smartphones is good, but the software cannot be compared to the hardware. The 4.1.1 and 4.2.2 versions of Android are vulnerable to Heartbleed. Hackers will take advantage of this kind of vulnerability while Google will say that they have already patched the affected version of Android, but I still found some vulnerable Android smartphones on which Google failed to deliver updated versions.

My research found that Android device vulnerability can happen anywhere. Just because your device isn’t vulnerable, it doesn’t mean that all your apps and services are secure. Wait until you've heard from a company that its systems have been patched; then it is safe to change your password. If your phone is vulnerable, I suggest you update your OS to the latest version of Android. If you don't have an update available, unfortunately you will have to wait for your manufacturer to issue an update for your device. In some cases, they may never release an update, so you have to change your passwords every couple of months.

Now may be a really good time to change your passwords again, especially if you use any of the sites that were affected. Keep in mind, however, that if a site has not yet fixed the problem on its end, your information can still be vulnerable whether you changed your password or not.

HOW CAN YOU PROTECT YOURSELF?

If you assume that your accounts may be compromised, you should change your passwords immediately. Once you've got confirmation of the password changes for your email account, social networking websites and online banking, you still have to monitor all your online accounts, even if you've implemented two-factor authentication (which, in addition to a password, asks for another piece of identifying information, like a code that's been sent to you by email or to your mobile).

Because attackers can access a server's memory for credit card information, it would be very harmful to you if an attacker made changes to your bank transactions. Even after following these guidelines, there are still some risks in surfing the Web in the wake of the bug. Heartbleed is even said to affect browser cookies, which track users' activity on a website, so even visiting a vulnerable site without logging in could be unsafe.

I hope my article helps you sort out your Heartbleed bug issue, and helps you stay safe on the Internet. I’ll keep you updated and secure with my future articles.

November 10, 2014

2 Comments
baton23
6 years ago

it will be better if you give to folks any examples

Rohan singh
6 years ago

nice article

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013