Heartbleed affects not just websites but also routers and phones, much to everyone’s displeasure. Cisco has issued a security bulletin for customers saying that it has discovered 16 products so far that are vulnerable to Heartbleed.
The list includes: Cisco AnyConnect Secure Mobility Client for iOS, Cisco Desktop Collaboration Experience DX650, Cisco Unified 7800 series IP Phones, Cisco Unified 8961 IP Phone, Cisco Unified 9951 IP Phone, Cisco Unified 9971 IP Phone, Cisco TelePresence Video Communication Server (VCS), Cisco IOS XE, Cisco Unified Communication Manager (UCM) 10.0, Cisco Universal Small Cell 5000 Series running V3.4.2.x software, Cisco Universal Small Cell 7000 Series running V3.4.2.x software, Small Cell factory recovery root filesystem V2.99.4 or later, Cisco MS200X Ethernet Access Switch, Cisco Mobility Service Engine (MSE), Cisco TelePresence Conductor, Cisco WebEx Meetings Server versions 2.x.
None of these are currently affected, but they are vulnerable to the bug. Dozens of other products are under investigation, which means that the list could expand soon. IP telephones, communication servers and messaging systems appear to be on the list.
Juniper has also issued a warning, saying that the company’s products were affected by the Heartbleed bug, including certain versions of the SSL VPN software, which is the biggest concern for users. A patch has already been issued for the tool, and fixes for other products are in the works.
The Heartbleed bug was announced earlier this week, along with an update for the affected OpenSSL version. Unfortunately, the issue had gone undetected for two years, during which hackers could have collected troves of information, including passwords, banking information and server encryption keys, to name just a few.
Some two-thirds of the world’s websites used the OpenSSL versions affected by the bug, including important sites such as Google, Yahoo and Facebook. Even though the bug has been fixed by most websites, there are plenty more tools that remain unprotected.
Any exploitation of this bug is completely untraceable, which means that there’s no way to know whether Heartbleed has been detected by hackers. However, given the size of the bug, there’s a high possibility that it has been used by both criminals and intelligence agencies, especially given the NSA’s aim to collect as much data as possible.