Heartbleed: Private crypto keys can be extracted from vulnerable servers

The recently discovered Heartbleed bug can be exploited to obtain private encryption keys from vulnerable websites, Web services firm CloudFlare confirmed late on Friday.

The company has been testing its own systems since they were first informed about the vulnerability and patched it, but “have been unable to successfully use Heartbleed on a vulnerable server to retrieve any private key data.”

They wisely refrained from saying that it was impossible, though, and have decided to launch the Heartbleed Challenge. They provided a website vulnerable to the flaw on a nginx server with a vulnerable version of OpenSSL, and have invited researchers to try to get the private key from it.

By the end of the day, they received two valid submissions: one by software engineer Fedor Indutny, and the other by Ilkka Mattila at NCSC-FI. The former sent over 2.5 million requests to the website over the course of the day, and the latter around a hundred thousand requests during the same period.

On Saturday two more challengers were successful: Rubin Xu, PhD student in the Security group of Cambridge University, and security researcher Ben Murphy.

“We confirmed that all individuals used only the Heartbleed exploit to obtain the private key,” CloudFlare software engineer and security architect Nick Sullivan confirmed in a blog post, and added that they might have been helped by the company rebooting the server during the testing period, “which may have caused the key to be available in uninitiallized heap memory.”

In the days following the publication of the challenge, several more individuals managed to get the private keys. Some of them published the code they used to do it.

“Vulnerabilities like this one are challenging because people have imperfect information about the risks they pose. It is important that the community works together to identify the real risks and work towards a safer Internet,” he noted in a previous post.

Well-known security researcher Dan Kaminsky wrote on Saturday that he believed that “noisy but turnkey solutions” for private key extraction “will be in the field in the coming weeks.”

“Patch immediately, particularly the systems exposed to the outside world, and don’t just worry about HTTP. Find anything moving SSL, particularly your SSL VPNs, prioritizing on open inbound, any TCP port,” he advised system administrators and CISOs. “Cycle your certs if you have them, you’re going to lose them, you may have already, we don’t know. But patch, even if there’s self signed certs, this is a generic Information Leakage in all sorts of apps. If there is no patch and probably won’t ever be, look at putting a TLS proxy in front of the endpoint. Pretty sure stunnel4 can do this for you.”