There is nowhere to hide. Just two months following the discovery of Heartbleed, the massive OpenSSL bug that affected two-thirds of the entire Internet at the time it was revealed, a new OpenSSL bug has been uncovered that could be even more dangerous. Led by Masashi Kikuchi, security researchers at Japan-based Lepidum shared their discovery on Thursday, noting that this newly revealed vulnerability in OpenSSL has existed for more than 15 years.
According to a report from The Guardian, nefarious hackers connected to the same network as a target could use this vulnerability to intercept sensitive data from the target’s computer. A hacker on a public Wi-Fi network, for example, could use the OpenSSL bug to intercept usernames, passwords and credit card data from other people on the network. Hackers can even use this flaw to alter the data sent and received by other computers on the network.
This newest security hole “may be more dangerous than Heartbleed” because it can be used to actively spy on people, Lepidum security researcher Tatsuya Hayashi told The Guardian.
“Under the public Wi-Fi network situations, attackers can very easily eavesdrop and make falsifications on encrypted communications,” Hayashi said. “Victims cannot detect any trace of the attacks.”
The new vulnerability exists in all builds of OpenSSL prior to versions 1.0.1 and 1.0.2 beta. As a result, computers, tablets and mobile phones are all currently at risk.