The Heartbleed vulnerability is affecting devices as well as websites, with reports claiming that both routers and mobile devices could be affected by the flaw.
According to the Guardian, Cisco has confirmed that a number of its products are vulnerable, including desktop phones, video conferencing hardware and VPN software, while Belkin said that its routers, as well as those of its Linksys subsidiary, while neither Netgear nor BT have spoken publicly about whether or not their devices are vulnerable.
Commenting, Russ Spitler, vice president of product strategy at AlienVault, said: “Where you need to be concerned is the machines that you are connecting to that you require to be secure.The infrastructure between the home computer and the website you are trying to establish a secure connection to is of less importance, because they are not responsible for negotiating the secure communication, nor do they ever hold the secrets used to secure the communication. This means our home routers are really of little concern in terms of impact.”
Also according to security analyst Graham Cluley, millions of Android smartphones and tablets are at risk of being attacked, even though only one particular version of the software was at risk: Version 4.1.1 of Jellybean.
The Guardian reported that this flaw could affect tens of millions Android devices worldwide. Google has not disclosed how many devices are vulnerable, particularly with hundreds of millions of handsets in China running Android without Google services.
Although only 4.1.1 uses the vulnerable version of OpenSSL, the devices would be vulnerable to “reverse Heartbleed”, where a malicious server would be able to exploit the flaw in OpenSSL to grab data from the phone’s browser, which could include information about part sessions and logins.