The vulnerability we’re going to talk about in this article is CVE-2014–0160, known as the “Heartbleed” bug. The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. This little bug left Google, Yahoo, Tumblr, GoDaddy and many more vulnerable. But before the bug let’s talk about some important things.
SSL stands for Secure Sockets Layer and, in short, it’s the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing attackers from reading and modifying any information transferred, including potential personal details.
It does this by making sure that any data transferred between users and sites, or between two systems remain impossible to read. It uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it is sent over the connection. This information could be anything sensitive or personal which can include credit card numbers and other financial information, names and addresses.
TLS (Transport Layer Security) is just an updated, more secure, version of SSL. We still refer to our security certificates as SSL because it is a more commonly used term, but when you are buying SSL from Symantec you are actually buying the most up to date TLS certificates with the option of ECC, RSA or DSA encryption.
HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking on the lock symbol on the browser bar.
OpenSSL is a general purpose cryptography library that provides an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
The library includes tools for generating RSA private keys and Certificate Signing Requests (CSRs), checksums, managing certificates and performing encryption/decryption. OpenSSL is written in C, but wrappers are available for a wide variety of computer languages.
We had a problem with SSL/TLS connection, and the problem was that as long as there’s data being transferred in the connection we were fine but when there was no data left TLS automatically would close the connection and we had to restart the connection every time.
To overcome this problem, OpenSSl came up with the “heartbeat” extension (RFC 6520). Heartbeat is an echo functionality where either side (client or server) requests that a keyword (number of bytes of data) that it sends to the other side be echoed back. The idea appears to be that this can be used as a keep-alive feature, with the echo functionality presumably meant to allow verifying that both ends continue to correctly handle encryption and decryption.
For example, Bob and Alice are talking on phone, after talking for a while Bob stops replying, now to Alice says “Are you there? I miss you” where “I miss you” is our keyword. The Bob responds “Yes, I’m here, I miss you” (echoes back the keyword), and hence they do not cut the call.
The Heartbleed Bug
Now that we’ve given the background of all the major keywords, let’s come to the vulnerability. This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team in April, 2014.
The attack works by exploiting the heartbeat extension’s keyword request. Instead of the normal keyword, the attacker requests that the keyword must be echoed back by the server with a greater length. Let’s go back to the previous example: Bob and Alice are talking on phone, but this time when Bob is not responding, Alice starts doubting that he’s talking to someone else, so she says “I miss you but WHAT ARE YOU DOING?” Now Bob understands the serious tone of Alice and responds by saying the keyword “I miss you ” but also starts telling her that he was busy working on a project, he has deadline, his boss is angry, whatever comes to his mind.
So basically what happens here is that the attacker tells the server to echo the 6 byte keyword in let’s say 6000 bytes, so what the server does is, it dumps whatever is present in the memory to fill up 6000 bytes and ends up exposing the private data to the attacker.
The interesting part of this attack is that it doesn’t leave any traces behind.
Now what data does this bug leaks?
Despite being a pretty simple bug, it proved to be very dangerous as it can leak private keys used for encryption, leaked secret keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed; login credentials (user names and passwords) used in the vulnerable services and the actual content handled by the vulnerable services, it may be personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption.
How to protect yourself from this attack?
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012.
OpenSSL 1.0.1 to 1.0.1f are all vulnerable. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug. Older versions of OpenSSL are also not affected by this bug.
Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys, also all the users have to change the credentials. Even doing all this will still leave any traffic intercepted by the attacker in the past still vulnerable to decryption. All this has to be done by the owners of the services. If you are a service provider you have signed your certificates with a Certificate Authority (CA). You need to check your CA how compromised keys can be revoked and new certificate reissued for the new keys. Some CAs do this for free, some may take a fee.