Heartbleed in 2017 – an examination.

17 May, 2017

mediaTest digital and CIPHRON investigate the phenomenon “Heartbleed”.

The OpenSSL vulnerability named Heartbleed [CVE-2014-0160] still exists three years after its discovery. CIPHRON and mediaTest digital, two companies from Hanover, have made it their business to demonstrate the occurrence of the program error in a comprehensive investigation.
Heartbleed stands for a glaring error in the cryptography library OpenSSL, which provides SSL and TLS for authentication and encryption over networks. In 2014, the discovery of the security vulnerability caused a great stir, as it allows the complete memory of the affected server to be read out from within the affected network and, if the service is connected to the Internet, from beyond it.

Procedure in the investigation of the data stock for Heartbleed

CIPHRON and mediaTest digital use a comprehensive analysis of their customer base to determine to what extent the vulnerability still occurs today and which apps are affected by it. With Heartbleed, the risk of suffering massive data loss when using an affected app, and thus harming its users and customers, should not be underestimated.

Based on the extensive database of mediaTest digital – more than 60,000 app tests (Android and iOS) – the IP addresses and URLs to which these apps connect were extracted. In addition to tracking services that collect user data, these include the backends that are required to use the apps.

Results of the study on Heartbleed

Only those services that use TLS or SSL encryption and authentication are relevant for the search for Heartbleed occurrences. After removing duplicate IP addresses, a total of 74,978 individual servers could be scanned. Only 0.13 percent (96 of the servers examined) showed a Heartbleed vulnerability that was still not fixed three years after the vulnerability was discovered.

[Figure: Occurrence of the OpenSSL vulnerability “Heartbleed” in 2017, based on the data stock of mediaTest digital]

The 96 affected servers were subjected to a more detailed check by CIPHRON and mediaTest digital. The result: a large part of the affected servers are located in the Far East; 34 servers alone are located in China. Nevertheless, some servers used by German- and English-language apps have been identified, including a German fitness app and an app that processes patient data.

All providers of the affected services and apps have been informed about the findings by CIPHRON and mediaTest digital. To date, however, only a few have responded to the notice of the existing vulnerability in their applications.
When it comes to Heartbleed, smartphone users don’t have to worry about their data security, as most providers have switched to content delivery networks (such as Cloudflare). As a result, most apps are no longer affected on the server side.

Additional investigation of Samba vulnerability DOUBLEPULSAR

CIPHRON and mediaTest digital have also checked the data stock for the Samba vulnerability, following the same approach as in the Heartbleed investigation. This vulnerability is a back door from the NSA, which became known in the course of the current NSA leaks and exploits the vulnerability “ETERNAL BLUE” in Samba. The backdoor “DOUBLEPULSAR” can be implanted via this gap. This vulnerability recently caused a worldwide sensation, for example in the “WannaCry” ransomware incident.

During the investigation, an affected server could be identified. The provider has not yet reacted to the finding. Since the app whose server shows anomalies has not been updated for more than five years, it can be assumed that the provider no longer actively supports the app.

Do you have questions about these and other topics around IT security and app security? Please feel free to contact the experts of mediaTest digital and CIPHRON:

Wulf Bolte (CTO, mediaTest digital) et al.:
– SaaS Solution for Mobile Application Management (Appvisory)
– App-Security Audits
– Automatic App White- and Blacklisting incl. MDM-Integration

Karsten Kai König (Information Security Consultant, Ciphron) et al.:
– Penetration Tests
– Code Reviews

 

Press contact

Karina Quentin | PR & Communication

press@appvisory.com
Phone +49 (0)511 35 39 94 22
Fax +49 (0)511 35 39 94-12
