When the Heartbleed vulnerability was discovered, companies and security researchers scrambled to ensure this threat would not become a major problem. Although significant steps have been taken to nullify this threat, the danger is far from over. A new report from Shodan shows how roughly 200,000 devices and services remain vulnerable to the Heartbleed exploit. A very disconcerting number, to say the least.
Heartbleed Bug Remains A Critical Weakness
The report from search engine Shodan paints a troublesome picture for nearly 200,000 computer systems all over the world. As it turns out, all of these systems are vulnerable to a Heartbleed attack. This particular bug was discovered in the OpenSSL protocol in April of 2014. One would expect all of these vulnerabilities to be addressed by now, but that is far from the case.
The vast majority of vulnerable computer systems can be found in the United States. In fact, the US represents over one in five vulnerable systems mentioned in the report, indicating quite a lot of work has to be done in that part of the world. Among the list of companies who control these vulnerable computer systems are Amazon.com, Verizon Wireless, OVH, and Comcast Cable, to name a few.
South Korea is the second country on the list of Heartbleed-vulnerable countries. Their top ISP – SK Broadband – and top mobile provider – Korea Telecom – are running several thousand systems which are not patched to withstand a Heartbleed attack. It is disappointing to see so many of these large companies still ignore system security up to a certain extend. Especially when considering the Heartbleed bug was identified nearly three years ago.
One month after security researchers informed the world about the Heartbleed exploit, the number of vulnerable systems dropped from 615,000 to 318,000. It seems very little progress has been may since May of 2014, as nearly 200,00 systems are still susceptible to this attack vector in January of 2017. In most cases, these vulnerable systems are running either Apache or Nginx as an operating system.
Keeping in mind we live in a world where more devices are connected to the Internet every day, it is troublesome to see reports like these. Heartbleed allows hackers and other criminals to retrieve sensitive information from vulnerable web servers. Even if the IoT device in question is protected, the connection to a vulnerable host can still expose information to third parties. Moreover, it is rather easy for criminals to exploit the Heartbleed bug regardless of their level of expertise. While it may be cumbersome to upgrade one’s openssl library, if institutions do not have the technical capabilities to do the necessary updates, they pose a risk both to themselves and their users.
For the time being, it remains unclear if this data is indeed correct. Assuming that is the case, one begins to wonder how the affected companies will respond to this threat. It is evident online threats are still not being taken seriously by a lot of companies and service providers, which is not a positive sign by any means. Mainly older computer systems will remain prone to hacking attempts, and it is up to individual enterprises to ensure those attacks are prevented.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.