If the realization that much of the Internet has been open to hackers for the last couple of years wasn’t bad enough, now we are finding out that some of the hardware we use to get onto the Internet is also affected. And unlike changing a password at a vulnerable site, this fix is going to be much more difficult.
Tech firms Cisco (CSCO) and Juniper (JNPR) have identified about two dozen networking devices affected by Heartbleed, including servers, routers, switches, phones and video cameras used by small and large businesses everywhere. The companies are also reviewing dozens more devices to determine whether they’re impacted by the bug as well, this according to an article on CNNMoney. According to the article, this means that for the last two years someone could have been able to tap your phone calls and voicemails at work, all your emails and entire sessions at your computer or iPhone. You also could have been compromised if you logged into work from home remotely.
According to researchers at security provider SilverSky and Singlehop, here is what may be affected:
- Work phone: At least four types of Cisco IP phones were affected. If the phones are not behind a protective network firewall, someone could use Heartbleed to tap into your phone’s memory banks. That would yield audio snippets of your conversation, your voicemail password and call log.
- Company video conference: Some versions of Cisco’s WebEx service are vulnerable. Hackers could grab images on the shared screen, audio and video too.
- VPN: Some versions of Juniper’s virtual private network service are compromised. If anyone tapped in, they could grab whatever is on your computer’s memory at the time. That includes entire sessions on email, banking, social media, etc.
- Smartphone: To let employees access work files from their iPhones and Android devices, some companies opt for Cisco’s AnyConnect Secure Mobility Client app for iOS, which was impacted by Heartbleed. An outsider could have seen whatever you accessed with that app.
- Switches: One type of Cisco software that runs Internet switches is at risk. They’re notoriously hard to access, but they could let an outsider intercept traffic coming over the network.
On its site, Juniper told customers, “We are working around the clock to provide fixed versions of code for our affected products.” However, it’s up to the individual users to patch their hardware.
That is why changing passwords isn’t necessarily enough to overcome the potential damage caused by the Heartbleed bug. Even if a website isn’t vulnerable when communicating with its customers, the company’s servers might still be exposed. The problem doesn’t seem to be widespread on the consumer side, though. Linksys and D-Link make many of the routers we use to connect to the Web from home, and they say none of their devices are affected. No word yet, however, from Netgear (NTGR).