Did you know? Mobile devices affected by the heartbleed bug are everywhere. The now notorious heartbleed bug affects any Internet related device, not just servers. To that end, you should be aware of how this bug may impact your use of the Internet via a mobile device, such as a phone. As just one example, users of Cisco servers/apps may be exposed to the bug. Here is a quick rundown, thanks to security provider SilverSky and Singlehop:
- Work phone: At least four types of Cisco IP phones were affected. If the phones are not behind a protective network firewall, someone could use Heartbleed to tap into your phone’s memory banks. That would yield audio snippets of your conversation, your voicemail password and call log.
- Company video conference: Some versions of Cisco’s WebEx service are vulnerable. Hackers could grab images on the shared screen, audio and video too.
- VPN: Some versions of Juniper’s virtual private network service are compromised. If anyone tapped in, they could grab whatever is on your computer’s memory at the time. That includes entire sessions on email, banking, social media — you name it.
- Smartphone: To let employees access work files from their iPhones and Android devices, some companies opt for Cisco’s AnyConnect Secure Mobility Client app for iOS, which was impacted by Heartbleed. An outsider could have seen whatever you accessed with that app.
- Switches: One type of Cisco software that runs Internet switches is at risk. They’re notoriously hard to access, but they could let an outsider intercept traffic coming over the network.
Overall, the safety approach is to change your passwords and even potentially (if allowed) your user ID. Our team is continuing to evaluate best practices relative to the heartbleed bug.
Remember, if you want to test a site to see if it is affected, use this link: http://filippo.io/Heartbleed/