After the Heartbleed bug took cyberspace by storm last week, security researchers and experts have discovered that the threat is not limited to websites running OpenSSL, but extends to personal devices too. Changing passwords and patching servers will not let you escape the Heartbleed bug, security researchers warned. Personal computers and devices are now under threat from this potent risk, which security researchers have named 'Reverse Heartbleed'.
What is Reverse Heartbleed?
Meldium, a cloud identity and access management service provider, has explained Reverse Heartbleed. While patching their systems, they discovered that bigger web servers are vulnerable to a new variant of the Heartbleed bug, which they have called Reverse Heartbleed. According to their test results, the Heartbleed bug may expose random bits of memory from any unprotected peer device or PC. Earlier we learnt that the Heartbleed bug is used against OpenSSL web servers to extract cookies, private keys and other information from the server. But that's not all. A malevolent web server can also attack client systems, sending bad heartbeat packets to client devices to steal data from them.
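The defence against a bad heartbeat packet is the same on a client as on a server: compare the length the message claims with the length of the record that actually arrived. The following is an added example, not code from Meldium or OpenSSL; the message layout follows RFC 6520, and the function name `hb_validate` and the two sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HB_REQUEST      1   /* heartbeat_request  (RFC 6520) */
#define HB_RESPONSE     2   /* heartbeat_response (RFC 6520) */
#define HB_HEADER_LEN   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PADDING 16   /* RFC 6520 requires at least 16 padding bytes */

/* Hypothetical helper: returns the payload length if the heartbeat message
 * fits inside the record actually received, or -1 if it must be discarded. */
int hb_validate(const uint8_t *rec, size_t rec_len)
{
    if (rec == NULL || rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return -1;                      /* too short to be a heartbeat */
    if (rec[0] != HB_REQUEST && rec[0] != HB_RESPONSE)
        return -1;                      /* unknown message type */

    size_t claimed = ((size_t)rec[1] << 8) | rec[2];   /* big-endian length */

    /* The check a vulnerable peer skipped: the claimed payload plus
     * header and padding must not exceed what was really received. */
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return -1;                      /* discard silently, send no reply */

    return (int)claimed;
}

/* Constructed sample: request with a 4-byte payload and 16 zero padding bytes. */
static const uint8_t hb_ok[23] = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g' };
/* Constructed sample: length field larger than the record that carries it. */
static const uint8_t hb_bad[19] = { 0x01, 0x40, 0x00 };

int main(void)
{
    printf("well-formed: %d\n", hb_validate(hb_ok, sizeof hb_ok));
    printf("oversized:   %d\n", hb_validate(hb_bad, sizeof hb_bad));
    return 0;
}
```

A peer that rejects the second record never builds a reply from memory beyond the received message, which is why the same check protects clients in the reverse direction.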
Who is vulnerable to Reverse Heartbleed?
Client devices which use OpenSSL are vulnerable to such data theft risks. Clients including browsers and apps such as Microsoft Office and Dropbox, according to Meldium, as well as many Android and iOS apps, can be directed to a malicious server or endpoint and could be affected by the Reverse Heartbleed threat.
In addition to these traditional clients, other types of clients, such as open agents that fetch a URL on a user's behalf, are also vulnerable to Reverse Heartbleed attacks. Meldium pointed out that the open agents to be guarded against Reverse Heartbleed include social networks such as Facebook that fetch a URL on a status update, file and photo sharing apps that use a URL to upload data or photos, web spiders which may accidentally index a webpage that redirects to a malicious server, and webhooks which ask clients to register for certain events and get notified via a URL.
Home PC and device users are also warned to verify with application developers and vendors whether they have a patch in place to repair the Reverse Heartbleed flaw. Also, users must be careful while downloading any updates or using affected devices. To protect these clients, Meldium has also released a Reverse Heartbleed Tester tool to check whether your device or PC is vulnerable to this threat.