ARTICLE
12 April 2014

OpenSSL Reveals Significant Security Flaw

Reed Smith (Worldwide)

Contributor

United Kingdom Privacy

On 7 April, OpenSSL released a Security Advisory exposing a flaw which, if exploited, would allow hackers to reveal communications between servers and the computers of Internet users.

OpenSSL is the most popular open source encryption service on the Internet, and is used by a large number of commercial and private service providers, including many social media sites, email providers and instant messaging platforms. The tool is used to encrypt information passed between Internet users and website operators, and the encrypted communication should only have been capable of being decrypted by the particular service provider.

When exploited, the security flaw, dubbed “Heartbleed”, revealed the encryption keys of service providers using the system. Once the communications were decrypted, the hackers essentially had unrestricted access to them. OpenSSL has released an update to address the security flaw; however, service providers will find it impossible to assess whether the security of their systems has been compromised, making the situation particularly serious. In addition, the update will only protect future communications, and therefore any that may have already been intercepted will remain vulnerable.

Internet users are being advised to change all of their passwords, and in particular those for important services such as Internet banking.

The security flaw is likely to raise data protection issues for organisations, and it may behoove users of OpenSSL to take a proactive approach to communicating with their customers about security issues.  Those organisations that have suffered a security breach may be under a duty to notify individuals, and could be subject to adverse publicity, as well as litigation and regulatory investigation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
