Not only servers but also home routers are vulnerable due to the Heartbleed bug in encryption software OpenSSL. Unfortunately consumers are often unable to test whether they are vulnerable or not, according to security experts.
The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by encryption used to secure the Internet. OpenSSL provides communication security and privacy over the Internet for applications such as online banking, credit-card payments, instant messaging and more.
On affected systems anyone connected can read the memory of the systems running the vulnerable versions of the OpenSSL software. This way they are able to compromise encryption keys, usernames and password and everything else stored in memory. Attackers can also eavesdrop on communication, steal data and impersonate services and users.
Servers owners are advised to update the affected OpenSSL software but consumers have to depend on security patches released by router manufacturers. Although servers are more attractive to hackers, malware developers might also be interested in attacking home routers.
Most consumers will be unable to check whether their router uses the vulnerable OpenSSL version. It's up to the manufacturer of the router to make an update available. Fortunately home routers are less easy to reveal sensitive data as they contain less memory. Nevertheless, security experts recommend consumers to disable the remote management feature of their router.
