While there’s been a big focus on the Heartbleed Bug and what individuals should do to protect themselves, the truth is the bug has a wider reach than just websites. Companies have some work to do to make sure they’re protected.
It was reported in a recent CNN article that technology companies Cisco and Juniper have been reviewing dozens of devices to determine their vulnerability to the bug. So far they have identified two dozen networking devices affected by Heartbleed. That list includes servers, routers, switches, phones and video cameras used by businesses everywhere.
That revelation means that for the last two years, hackers could have been tapping calls, voicemails, emails and entire sessions on a work computer or iPhone. Here’s a list of vulnerable devices provided by researchers at security providers SilverSky and SingleHop:
- Work phone: At least four types of Cisco IP phones were affected. If the phones are not behind a protective network firewall, someone could use Heartbleed to tap into your phone's memory banks. That would yield audio snippets of your conversation, your voicemail password and call log.
- Company video conference: Some versions of Cisco's WebEx service are vulnerable. Hackers could grab images on the shared screen, audio and video too.
- VPN: Some versions of Juniper's virtual private network service are compromised. If anyone tapped in, they could grab whatever is on your computer's memory at the time. That includes entire sessions on email, banking, social media — you name it.
- Smartphone: To let employees access work files from their iPhones and Android devices, some companies opt for Cisco's AnyConnect Secure Mobility Client app for iOS, which was impacted by Heartbleed. An outsider could have seen whatever you accessed with that app.
- Switches: One type of Cisco software that runs Internet switches is at risk. They're notoriously hard to access, but they could let an outsider intercept traffic coming over the network.
While technology companies are working diligently to provide software updates for affected products, the onus is on each company using those devices to download the patches and update the products they’re using. Because SMB companies are less likely to upgrade devices, they could be exposing themselves to hackers for a very long time.
How has your company responded to the Heartbleed bug? Is it concerned that it has been hacked? Leave your comments below.