Heartbleed OpenSSL Bug Is Still Alive And Kicking & Affects 200,000 Services

The notorious Heartbleed vulnerability is still very much at large nearly three years after it was first discovered, according to new data provided by Internet of Things search engine Shodan.

Shodan’s data analysis has revealed that nearly 200,000 (198,564) services are still at risk from the OpenSSL bug, with those residing on HTTPS being by far the most vulnerable.

The data will make for uncomfortable reading for security professionals, with little progress seemingly having been made from over a year ago when the flaw was still prevalent among connected devices.

Still at large

In terms of countries, the US is leading the way with 42,032 vulnerabilities, followed by South Korea (15,380) and China (14,116). The UK currently lies in seventh place with 6,491 systems and services still at risk.

South Korea-based SK Broadband takes the unenviable position of being the organisation hosting the largest number of vulnerable systems (6,367), followed by Amazon and Verizon Wireless with 5,163 and 4,347 vulnerabilities respectively.

Just under 75,000 of the systems still vulnerable to Heartbleed are using expired SSL certificates and 1,654 are running the Linux 3.x operating system, with Linux being the most prevalent OS at risk.

Heartbleed completely changed the game for SSL security, causing widespread panic in the months after its discovery in 2014 and affecting a mass of organisations, from web forum Mumsnet to US hospital operator Community Health Systems.

Heartbleed specifically affects OpenSSL, an open source technology that is widely used by websites and applications to safeguard customer data, and allows an attacker to acquire encryption keys from web servers.

Open source companies have since taken steps to protect against a similar incident taking place. In June 2015 the Linux Foundation invested $452,000 (£362,000) in three open source security projects and more recently launched a $500,000 (£350,000) fund to boost security in open source software.

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.
