Click to Skip Ad
Closing in...

New widespread Internet bug could be more dangerous than Heartbleed

Published Jun 6th, 2014 9:40AM EDT
OpenSSL Bug

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

There is nowhere to hide. Just two months following the discovery of Heartbleed, the massive OpenSSL bug that affected two-thirds of the entire Internet at the time it was revealed, a new OpenSSL bug has been uncovered that could be even more dangerous. Led by Masashi Kikuchi, security researchers at Japan-based Lepidum shared their discovery on Thursday, noting that this newly revealed vulnerability in OpenSSL has existed for more than 15 years.

According to a report from The Guardian, nefarious hackers using this vulnerability could intercept sensitive data from a target’s computer while connected to the same network. A hacker on a public Wi-Fi network, for example, could use the OpenSSL bug to intercept usernames, passwords and credit card data from other people on the network. Hackers can even alter the data sent and received by other computers on the network using this flaw.

This newest security hole “may be more dangerous than Heartbleed” because it can be used to actively spy on people, Lepidum security researcher Tatsuya Hayashi told The Guardian.

“Under the public Wi-Fi network situations, attackers can very easily eavesdrop and make falsifications on encrypted communications,” Hayashi said. “Victims cannot detect any trace of the attacks.”

The new vulnerability exists in all builds of OpenSSL prior to versions OpenSSL 1.0.1 and 1.0.2 beta. Computers, tablets and mobile phones are all currently at risk as a result.

Zach Epstein
Zach Epstein Executive Editor

Zach Epstein has been the Executive Editor at BGR for more than 10 years. He manages BGR’s editorial team and ensures that best practices are adhered to. He also oversees the Ecommerce team and directs the daily flow of all content. Zach first joined BGR in 2007 as a Staff Writer covering business, technology, and entertainment.

His work has been quoted by countless top news organizations, and he was recently named one of the world's top 10 “power mobile influencers” by Forbes. Prior to BGR, Zach worked as an executive in marketing and business development with two private telcos.