5 Huge Security Bugs In Major Protocols
Even if we don’t know the first thing about computers, we all want to know that we’re safe when we’re using them in our homes or at work. Computers end up containing a lot of personal and financial information, and it can be devastating when that information falls into the wrong hands.
Hackers have been able to exploit a lot of vulnerabilities in hardware and software over the years, causing some of the biggest data breaches ever seen. When discovered, these bugs are typically patched instantly, but a lot of damage can be done in that time. Here are five instances of huge security bugs in major protocols causing international problems.
EternalBlue
A vast majority of people around the world rely on Microsoft Windows to keep them safe when using their personal computers. Because of this, there is a lot of testing done to make sure that Windows is secure, and one of the biggest exploits that have ever been found came in 2016, which was able to attack Windows computers. Chinese hackers were found using the EternalBlue exploit to remotely hack PCs thanks to a Server Message Block vulnerability.
It was learned that 2016 wasn’t when EternalBlue was developed, but rather when it was first used maliciously. The exploit was designed by the US National Security Agency, with Microsoft knowing nothing about it until the hacks were underway. Microsoft quickly developed a patch to combat the exploit that had affected pretty much every Windows operating system.
HP Printers
When we think about internet security, our brains immediately turn to our personal computers, laptops, and cell phones. Very rarely do we think about printers as being able to be exploited because of a bug, but it turned out that we should’ve been worried all along. In 2011, an RCE vulnerability was found in Hewlett-Packard printers that allowed hackers to access the printer’s information remotely.
Not only did this bug let the hackers obtain the private information of the users, but it also allowed them to turn these printers into a weapon of sorts. The bug caused many of the HP printers to catch fire, even though HP refuted these claims. A company spokesman said that the reports of the bug causing fires was “false” and that the printers “have a hardware element called a ‘thermal breaker’ that is designed to prevent the fuser from overheating or causing a fire.”
Adobe
North Korea and South Korea have been at odds for many years, and due to the lack of physical fighting between the two, both sides have launched a lot of cyber attacks. One of the biggest exploits came via the Adobe Flash player when North Korean hackers exploited a vulnerability and collect a lot of personal information from South Korean targets.
The bug was known as CVE-2018-4878, and seemed like a harmless file when it was sent via email. As long as the person that was using their computer opened Adobe Flash through any source (i.e. webpage, Microsoft Office, etc.), then the targeting was successful. Thankfully, Adobe was able to catch wind of this bug and patched it within a day, allowing South Koreans to browse safely once again.
Heartbleed
Back in February 2012, Heartbleed became a security bug that would end up being talked about for more than two years before it was finally discovered and patched within a week during early April 2014. The bug affected millions of websites that were using Transport Layer Security and caused an overload in allowed data. Even after the patch was released, there were still hundreds of thousands of websites affected for months.
Thankfully, the number has dropped to almost nothing ever since then, but a lot of damage was caused along the way. Private keys were revealed on some pretty popular websites including Reddit, Pinterest, SoundCloud, Tumblr, and many more. Social security numbers and many other pieces of information were leaked before Heartbleed was shut down.
Shellshock/Bashdoor
Have you ever been in a situation where you seemingly lost control of your computer and it felt like a ghost was in charge of it? You may have been one of the many people affected by the Shellshock security bug that was discovered in 2014 after affecting many people. Interestingly enough, the bug was introduced in the late 1980s but took a while to shut down.
Those that were using Unix systems were the ones exploited by this bug, with macOS and Linux users being the biggest targets. The patches were implemented shortly after the bug was discovered, leaving many to wonder why it was able to go untouched for so long.