FEATURE NEWS Free eNews Subscription

Heartbleed Strikes Again: Android Devices, Wi-Fi Routers Vulnerable

By

Just when you thought you've heard the last of the Heartbleed bug, it rears its ugly head again almost seven weeks later. As we learn more about the flaw that tricks servers into dumping recent user information to those devious enough to learn how, more vulnerabilities are arising. The most recent one, named Cupid by the Portuguese security researcher Luis Grangeia who discovered it, exploits local Wi-Fi signals to make an attack against what is essentially the same vulnerability. Despite the cute name, Cupid poses a significant security risk that must be identified and addressed immediately.

Instead of targeting remote computer servers over the Web in the way that Heartbleed originally struck, Cupid instead performs the same procedure by targeting Wi-Fi routers. Since Wi-Fi routers were never (knowingly) targeted by the Heartbleed bug, they never received the same protections. That means that any hacker with access to a Wi-Fi router can access every computer and mobile device connected to that network. Whether dealing with a private home Wi-Fi router or a large-scale enterprise router network, the bug has access and can have the router spit back data including passwords, usernames, account details and more.

What's worse is that there is no list that denotes which devices are safe from this kind of an attack. Grangeia has urged vendors and administrators to upgrade their routers to prevent these attacks, and he has posted the proof of concept in order to aid this process. He has also identified that the most vulnerable targets rely on EAP-based routers that require both an individual password and login, as hackers can easily gain that information and then explore the network at their leisure. Android devices running the 4.1.1 Jelly Bean OS are also vulnerable to the bug.

Thankfully, Grangeia says that the damage will be far more contained than the original Heartbleed leak. Hackers will have to physically travel to Wi-Fi networks to break into them, which is more difficult and time-consuming than simply accessing a server through the Internet. This will allow for plenty of time to upgrade routers before the problem becomes too widespread.


Edited by Rory J. Thompson
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
Author Info
Matt Paulson

TechZone360 Contributing Writer

Click here to read full bio

SHARE THIS ARTICLE
Share
Related Articles

ChatGPT Isn't Really AI: Here's Why

By: Contributing Writer    4/17/2024

ChatGPT is the biggest talking point in the world of AI, but is it actually artificial intelligence? Click here to find out the truth behind ChatGPT.

Read More

Revolutionizing Home Energy Management: The Partnership of Hub Controls and Four Square/TRE

By: Reece Loftus    4/16/2024

Through a recently announced partnership with manufacturer Four Square/TRE, Hub Controls is set to redefine the landscape of home energy management in…

Read More

4 Benefits of Time Tracking Software for Small Businesses

By: Contributing Writer    4/16/2024

Time tracking is invaluable for every business's success. It ensures teams and time are well managed. While you can do manual time tracking, it's time…

Read More

How the Terraform Registry Helps DevOps Teams Increase Efficiency

By: Contributing Writer    4/16/2024

A key component to HashiCorp's Terraform infrastructure-as-code (IaC) ecosystem, the Terraform Registry made it to the news in late 2023 when changes …

Read More

Nightmares, No More: New CanineAlert Device for Service Dogs Helps Reduce PTSD for Owners, Particularly Veterans

By: Alex Passett    4/11/2024

Canine Companions, a nonprofit organization that transforms the lives of veterans (and others) suffering PTSD with vigilant service dogs, has debuted …

Read More
View All News