Heartbleed: how widespread is it?

Leendert van Duijn Jan-Willem Selij

June 1, 2014

Abstract

The Heartbleed bug caused many servers on the internet to bevulnerable for data extraction. The response of most service main-tainers is extensive enough to provide an update to patch this vul-nerability. Besides servers, there are also a lot of embedded devicesrunning a stripped down operating system version. This could includethe OpenSSL library which makes them potentially vulnerable. Mostvendors responded adequately by listing the products that are vul-nerable with the possibility to update them or apply a workaround.However, not all devices will get updated because they might not besupported anymore. This leaves a number of them vulnerable forever.This research focuses on getting an image of how widespread this is-sue is among embedded devices. Many consumer products won’t beupgraded due to the lack of patches or awareness on how to updatethe device. Results show that a lot of vendors did not update theOpenSSL library to the vulnerable version, but might be susceptibleto other exploits in earlier versions. The vendors that did update alsotook the effort to fix this issue in most cases.

I

Contents

1 Introduction 1

2 Related Work 1

3 Research Questions 1

4 Attack surfaces 2

5 Method 3

6 Findings 46.1 Apple . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46.2 Asus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46.3 ASUSTOR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56.4 Belkin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56.5 Bose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56.6 Buffalo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56.7 Dune . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56.8 D-Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66.9 Foscam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66.10 FRITZ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86.11 Huawei . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86.12 Iconbit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86.13 Sweex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96.14 Miscellaneous . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

6.14.1 DD-WRT . . . . . . . . . . . . . . . . . . . . . . . . . 106.14.2 OpenWRT . . . . . . . . . . . . . . . . . . . . . . . . . 106.14.3 Tomato . . . . . . . . . . . . . . . . . . . . . . . . . . 11

7 Mitigation and prevention of the attack 12

8 Conclusion 14

9 Future work 14

A Bose Home Entertainment System firmware extraction 19

B Sweex consumer router firmware extraction 21

II

1 Introduction

The Heartbleed bug[1] is used to expose private data. A lot of servers,desktops and other devices that use the OpenSSL library will have patchesavailable. While they do not always get applied, there are still a lot of devicesthat can not be upgraded anymore because support ceased. Since the exploitis not limited to only HTTPS but any service that uses SSL, with heartbeatfunctionality enabled, the attack space greatly increases. This can includededicated software such has VMware ESX(i) or embedded devices that offerremote management (iDRAC, IPMI, etc.) or routers and switches.

We have selected this subject to show what the impact of this bug is onIT infrastructure, due to the significant social impact and the danger it posesto not only the providers but also users. This makes it invaluable to gatherinformation concerning the spread, and gain insight into what can be doneto resolve it for all affected parties.

2 Related Work

All public statements about the bug can be considered as related work butmakes too long of a list to display here.

The official OpenSSL advisory describes the flaw[1].The Computer Emergency Response Team has a knowledgebase article

about the Heartbleed vulnerability [2]. This includes a list of vendors thatare possibly affected. However, this list is incomplete and not up-to-datesince multiple vendors listed already released a public statement.

CloudFlare investigated if private keys can be extracted. It was con-sidered unlikely[3], but proved to be possible through the challenge theyproposed[4].

The exposure to this bug also spawned tools to extract private keys (orother data)[5][6]

3 Research Questions

• How widespread is the issue caused by Heartbleed in non-HTTPS ser-vices on embedded devices?

• What services and devices use potentially affected software?

• What mitigation is there for the users of vulnerable systems?

1

4 Attack surfaces

There a several services which use SSL, and can be vulnerable to the Heart-bleed attack if they meet the right conditions.

• Using the OpenSSL library

• Using a version between 1.0.1 to 1.0.1f inclusive

• Having Heartbeat enabled during compilation, as per default

Software that use SSL include services like

• SMTPS

• IMAPS

• POP3S

• S/MIME

• FTP

• Java (e.g. Tomcat)

• Networked file systems (e.g. Samba, sNFS)

• Logging services (e.g. syslogd)

• Nameservers (e.g. bind)

• Proxy (e.g. squid, nginx)

• RADIUS (e.g. freeradius)

• Transfer utilities (e.g. curl, wget)

• VPN (e.g. OpenVPN, OpenConnect)

• SIP (e.g. Asterisk)

• IM (e.g. Jabber, XMPP)

• Database (e.g. MariaDB)

• Tor

• stunnel

• IRC

2

5 Method

There are a few methods on how the OpenSSL library version can be deter-mined for a particular product.

• Vendor publications A lot of publicly known vendors released a pub-lic statement about the vulnerability. Some of them hide this behinda portal where only registered customers can login. In general terms,most of them went so far of going through all of their current prod-ucts and provide a list of which are affected and provide directions onhow to apply an upgrade or perform a workaround. These lists do notalways include End Of Life (EOL) devices. Not all vendors releaseda statement, but could still be using the affected version. The listedproducts will be omitted and only products that don’t fall under anygeneral statement or non-listed EOL devices will be looked at.

• Vendor supplied source Vendors can have a page dedicated to theproduct where a download link for the source code is provided. Eventhough some firmware releases fall under GPL the source code is notalways available. The package usually consists of the source code itselfand a toolchain to build a complete firmware, sometimes with the re-quirement to add some additional source for other packages. The sourcecode provided should give a good indication about what OpenSSL ver-sion is used.

• Vendor supplied binaries If no source code is available, a firmwareimage itself might be provided by the vendor. This image can be pack-aged in several ways. Utilities such as binwalk to determine the lay-out and 7z, unsquashfs or firmware-mod-kit to extract any filesystemsfrom the image. These filesystems can include SquashFS, Yet AnotherFilesystem (YAFFS), Journaling Flash Filesystem (JFFS) or CramFSwhich can be extracted for further file analysis.

• File carving on filesystems If no filesystem can be extracted filecarving can be used as last resort. Firmware images might be encryptedwhich can only be decrypted by the device using a key stored on thedevice. A proprietary format may also be used which increases thedifficulty of extraction. Utilities such as strings or hexdump can beused to reveal any ASCII or Unicode-based strings present in the image,possibly indicating if the software is using a particular version, if at all.

3

6 Findings

There are several SSL libaries available, ranging from free open source toproprietary. It is likely that among those devices that do incorperate SSLconnectivity there are those using non-OpenSSL implementations. It is alsopossible to encounter more than one SSL implementation or version used bya single device, with a diverse selection of software and plugins determiningdependencies.

There are a lot of vendors which released potentially vulnerable devices.This list is grouped by brand in alphabetical order.

6.1 Apple

The Apple AirPort Base Station used a vulnerable version of OpenSSL. Ap-ple released a patch and notice of conditions required to be vulnerable ontheir website[7]. The notice reveals that, in order to be vulnerable, specificsupporting features need to be enabled. Should a user choose not to upgradethe firmware these features should be disabled to reduce overall risk.

6.2 Asus

Asus has a notification on their website stating that their wireless productsare not vulnerable to the Heartbleed bug. In their statement they note theirproducts use OpenSSL version 1.0.0b, and are planning an upgrade to anewer, safer version.

When checking their statement against source code they offer for severalof their devices, some small inconsistencies were encountered. However, thefindings do conclude they are not vulnerable to Heartbleed.

RT-AC66u

This product1 should not be vulnerable to the Heartbleed bug, as stated bythe notice linked to from the device FAQ.

Looking into the released source of the GPL RT AC66U 30043745517.zip

reveals several OpenSSL versions:

release/src/router/openssl (OpenSSL 1.0.0d)

release/src/router/rom/packages/openssl\_0.9.7m-5\ _mipsel.ipk

release/src/router/rom/packages/openssl\_0.9.8v-2\ _arm.ipk

Listing 1: Multiple OpenSSL versions

1http://www.asus.com/Networking/RTAC66U/

4

None of these versions are vulnerable, as ASUS stated in their changelog.Of note is that two older versions are also present in the archive.

RP-N53, DSL-N66U, NAS M25

For these devices, the FAQ entry concerning Heartbleed leads to the same no-tice. Inspection of the latest available source reveals the use of older versionsof OpenSSL.

These devices have references in the source code to 0.9.7, 0.9.8e, 1.0.0dand 1.0.0e.

The Asus software that was inspected shows they were indeed not vul-nerable to Heartbleed, though their notice does seem to be too general forall of their products regarding to mentioned details.

6.3 ASUSTOR

ASUSTOR has stated their products do not use affected OpenSSL versions,[8]

6.4 Belkin

Belkin has stated their products are not affected by Heartbleed[9]

6.5 Bose

Bose offers the Lifestyle line of products which consists of speakers and areceiver. The receiver firmware can be updated. The OpenSSL version theyare using is 0.9.8 which is not vulnerable. The full analysis of this firmwarecan be found in appendix A.

6.6 Buffalo

Buffalo has stated that products running their own firmware are unaffected byHeartbleed. However, they warn that some of their older products (runningDD-WRT) might be affected[10]. Chapter 6.14.1 applies here.

6.7 Dune

Dune HD offers media players and set-top boxes. They use GPL-based soft-ware and offer a source archive for these images. They have not made a publicstatement regarding Heartbleed. However, analysis reveals their products arenot vulnerable to it.

5

The archive is available from their firmware zone2. Unpacking the filesreveal the OpenSSL versions they use are 0.9.8g and 0.9.8l. Neither one ofthem are vulnerable.

6.8 D-Link

D-Link has posted a response to the security advisory. In this advisory theyreveal which devices use OpenSSL, and which ones are vulnerable. Of the50+ listed devices only 2 are vulnerable. Both having firmware updatesavailable[11].

6.9 Foscam

Foscam produces IP cameras, which will give access to privacy sensitivedata/video when compromised.

There is no mention of the Heartbleed bug on their official website, neithera press release nor otherwise. This was checked by using their own websitessearch bar, and a second opinion using Google (site:foscam.us heartbleed).

There are multiple devices being maintained. Several several firmwaredownloads were looked at3.

• System firmware version:1.2.1.1

App firmware version:1.4.1.13

Web version:2.0.1.1

Plug-in version:2.0.1.4

This firmware can be used on the FI9801W and FI9802W devices.

tar -tvf FI980102W_app_ver1.4.1.13.bin

-rw-rw-r-- foscam/foscam 7144358 2013-07-25 03:29 ./app.tar.gz

-rwxrwxrwx foscam/foscam 986 2013-07-22 05:21 ./FWUpgradeConfig.xml

-rw-rw-r-- foscam/foscam 103 2013-07-25 03:29 ./fwupgrade.md5

The firmware image consists of nested tar archives and configurationand executable files. Though no direct signs of an SSL library can befound there is a reference to OpenSSL in lighttpd: libssl.so.1.0.0.

The firmware image does not appear to use a vulnerable version ofOpenSSL. Version 1.0.0 was released prior to the introduction of thebug.

2http://dune-hd.com/eng/support/firmware_zone/113http://www.foscam.com/down3.aspx

6

• System firmware version: 11.22.2.51

Web UI version: 2.4.10.5

This firmware consists of two binary .bin files. These appear to bearchives, but it is unknown which decoder should be used. Runningcarving software on the files does recover a ZIP archive, which canthen be extraced revealing a linux.bin and several other files. Thesefiles include images and a DLL file, which on closer inspection usingobjdump should be DVM IPCAM2.OCX

The Export Tables (interpreted .rdata section contents):

Export Flags 0

Time/Date stamp 4df18d0e

Major/Minor 0/0

Name 00017b40 DVM_IPCAM2.OCX

Ordinal Base 1

Lacking the time to fully reverse engineer the archive format and havinginspected all carved files, grep was used to fall back to case insensitivestring searching. This was feasible since the carved data was not com-pressed within the archive.

For both of the archive files no results were found when searching for theterm openssl, indicating no uncompressed/unencrypted references/im-plementations are present.

• System firmware version: V3.2.6.1.1-20120807

Web UI version: 98.5.20.4

This firmware is meant for the FI9820W device and is packed in a.pkg file. The file format could not be identified. Carving revealsa number of GIF-files, and binwalk suggests presence of JFFS2 filesystems. However, extracting data was not successful.

Falling back to case insensitive string search revealed no traces on theterm openssl.

• System firmware version: 11.37.2.56

Web UI version: 2.4.10.10

This firmware is used for FI8910W FI8910E FI8916W FI8918W FI8918Edevices.

7

It is stored in the same format as the 11.22.2.51 firmware. Likewise,no indication of openssl could be found using a string search.

• System firmware version: 1.4.1.8

App firmware version: 2.13.1.5

Plug-in version: 2.0.2.10

This firmware version is suited to the FI9828W device.

The files contains the Salted header, indicating OpenSSL encryptionusing a passphrase. Lacking a proper password and decryption settingsno information was retrieved.

Our limited findings in regards to Foscam cameras suggest that theirproducts could use older OpenSSL versions not vulnerable to the Heartbleedbug. Due to the limited success in accessing firmware image contents thereis no conclusive answer. Especially since there is no official statement thisstays unconfirmed.

6.10 FRITZ!

The FRITZ!Box devices are not vulnerable according to AVM, the companybehind the FRITZ!Box[12].

6.11 Huawei

The Huawei company has a wide range of products, a number of which theyhave released have been affected by Heartbleed, though patches are nowavailable or in active development[13].

6.12 Iconbit

Iconbit offers several media and network devices, they have not made a publicstatement regarding Heartbleed.

Networking

Of their networking devices the XDR10DVBT Mediaplayer was updated in early2013. The extraced firmware reveals multiple programs relying on OpenSSL.The latest version number refered to as being 1.0.0. These references werefound by running grep over all available files, which where obtained via bin-walk.

8

Their storage device I-STOR IS02GL was updated in April 2013, and againreferences OpenSSL were found. The latest version is not vulnerable at 0.9.8.

These devices indicate a trend for their networking lines using pre-1.0.1OpenSSL versions.

Smartphones

Inspection of their latest smartphone firmware image, specifically for theMercury LX smartphone, a new version of OpenSSL appears. Within thefile system.img multiple references to OpenSSL version 1.0.1c appear. Thisversion can be vulnerable to Heartbleed.

This firmware image, the latest at the time of writing, dates to May20th of 2014, after the Heartbleed bug was publicly acknowledged. In orderto explain the vulnerable versions presence the timestamps were inspectedin the ZIP archive containing the firmware and updating software. Thesetimestamps show that even though the update is more recent, the systemimages for the smartphone date back to November 2013.

drwxa-- 2.0 fat 0 b- stor 14-May-20 13:30 fmwx/

-rw-a-- 2.0 fat 452231636 b- defN 13-Nov-11 10:40 fmwx/system.img

-rw-a-- 2.0 fat 512 b- defN 13-Nov-08 14:49 fmwx/MBR

-rw-a-- 2.0 fat 512 b- defN 13-Nov-08 14:51 fmwx/EBR1

-rw-a-- 2.0 fat 8364264 b- defN 13-Nov-08 14:50 fmwx/cache.img

-rw-a-- 2.0 fat 69123840 b- defN 13-Nov-08 14:51 fmwx/userdata.img

-rw-a-- 2.0 fat 4667392 b- defN 13-Nov-08 14:51 fmwx/boot.img

6.13 Sweex

Sweex recently went bankrupt (10-04-2014), previously selling access points,modems, routers and switches. They do not provide a public statementabout the Heartbleed bug. Anything from before December 31, 2011 is notworth looking at. The official website does not provide any easily accessibleinformation, such as the exact release date of their products. The driversand/or firmware are usually available.

The website does offer a product catalogue. The catalogue for 2013 prod-ucts points to the one from 2012 so it is assumed they did not release anythingnew [14]. They did not offer any recent networking equipment such as routersor modems as indicated by their catalogue for 2014 [15].

All OpenSSL versions used are within the 0.9.8 branch. Some firmwareversions have multiple, namely OpenSSL 0.9.8a, 0.9.8d, 0.9.8e or 0.9.8g. Seefor the full extraction method in appendix B

9

Product Versions usedLW160 0.9.8a, 0.9.8d, 0.9.8e, 0.9.8gLW161 0.9.8a, 0.9.8d, 0.9.8e, 0.9.8gLW320 0.9.8a, 0.9.8d, 0.9.8e, 0.9.8gLW321 0.9.8a

Table 1: Sweex 2012 router products

6.14 Miscellaneous

There are several projects developing firmware for routers. These can beinstalled on several devices and often provide other, if not more, featuresthan the vendors do. Both consumers and vendors can install these systems,though the complexity of installation and hardware support can vary perdevice revision.

6.14.1 DD-WRT

The DD-WRT4 project uses OpenSSL, and has had regular updates. As suchtheir images have used vulnerable versions. By default none of the featuresusing OpenSSL are enabled[16].

The posts on the forums indicate that the newest builds are no longervulnerable, as one forum member has sought out[17]:

code65536 Thu Apr 10, 2014

Any DD-WRT build after (and including) 19163 has the flaw,and any build after (and including) 23882 has the fix

Due to the potential downtime in upgrading custom firmware, users shouldconsider disabling affected features prior to the upgrade to cover any delay.

6.14.2 OpenWRT

The OpenWRT firmware does not use OpenSSL by default as indicated bya post on the mailing list

John Crispin john at phrozen.org Thu Apr 10 22:45:13 CEST, 2014

Note that default OpenWrt installations are not vulnerable to theparticular bug, neither the builtin SSH server nor the optionalLuCI SSL support rely on OpenSSL for cryptography.

4http://www.dd-wrt.com

10

The OpenSSL library is not installed within the stock imagesavailable on the download server.

The SSH server and optional web interface LuCI do not rely on the library,and is also not installed by default. They recommend updating the pckageif it’s installed for another package that requires it.

6.14.3 Tomato

Tomato is also alternative for certain routers. The main project ceased de-velopment in 2010 and therefore is not vulnerable. However, there are stillsome “modificiations” still actively being developed. There are a few popularmodifications5, namely Victek (RAF), Shibby and Toastman.

• Victek

The Victek firmware is based on Tomato USB and has some extra func-tionality. The Beta changelog[18] states that this firmware is vulnerablefrom version 1.1k onwards and before, which is patched in 9014-v1.3c:

Up to Version 1.1kOpenSSl release 1.0.1c

Release 9014-v1.3c April 22, 2014Openssl updated to version 1.0.1g*

• Shibby

This modification is vulnerable from

From version 092[19]

- OpenSSL update from 1.0.0d to 1.0.1-stable including allteddy‘s patches/changes

A fix appeared with 117[20]:

- Update openssl to version 1.0.1g to fix the problem withheartbleed

• Toastman

There is no real clear changelog of all releases, which makes the in-troduction release of the bug unknown. It was patched in version1.28.0504[21]:

5http://tomatousb.org/links

11

April 13 2014 - 1.28.0504 and variants

- quick fix for heartbleed bug from Easy Tomato! Thanksguys...

In short, this table shows the results.

Modification Bug introduced Patched Patch dateVictek (RAF) Everything 9014-v1.3c April 22, 2014Shibby From 092 onward 117 April 14, 2014Toastman Unknown 1.28.0504 April 13, 2014

Table 2: Tomato modifications, bug introduction and patch version

7 Mitigation and prevention of the attack

Apply update The easiest way to mitigate this attack is to apply an update.The vulnerability is patched in version 1.0.1g. It is possible the vulnerabilityalready has been exploited and so passwords and private keys should bechanged.

It depends per-vendor how responsive they are with issuing updates.Some EOL products probably won’t get updates anymore and are stuck withan older version forever. Even though some devices are old, some vendorssuch as Synology still decided to bring out a patch for their EOL devices. Forexample, the Synology model DS109 was introduced in 2009. The OpenSSLlibrary was upgraded to 1.0.1c in 2012 with a firmware update, then patchedfor Heartbleed in 2014 [22]. This is more than 5 years after the originalintroduction.

Other vendors don’t update their devices as much, leaving them withversions in the 0.9.8 branch. They are not vulnerable for Heartbleed, butpossibly are susceptible for other attacks.

Disable Heartbeat Extension The bug relies on the heartbeat extension,so OpenSSL can be recompiled with the -DOPENSSL NO HEARTBEATS flag todisable the feature. However, this is not always an option because ven-dors don’t always provide the full source code for embedded devices such asswitches or IP camera’s. Besides having access to the source code a work-ing toolchain is mandatory. Devices that are consumer oriented are usuallyused by consumers with limited technical knowledge on how to update thefirmware, let alone recompiling software.

12

PFS Enabling Perfect Forward Secrecy ensures that when either private keyis compromised any encrypted traffic passively recorded cannot be decrypted,however once a private key is compromized an attacker could impersonatethe authentic party. Furthermore, the leaking of data is not strictly limitedto the private key used for encryption of traffic. Information in memory atthe time of the attack may be compromised, such as credentials used duringa login process.

Detecting and preventing the attack If stopping the attack on the deviceitself is not possible, it can be either detected and/or stopped by other means.Earlier IDS rules triggered on |18 03| to identify a heartbeat message pat-tern. However, this does not always work. Since TCP is a streaming protocolthese bytes could also show up later, defeating the rule. The heartleech util-ity especially makes sure it won’t show up using this method[23][24]. IDSessuch as Snort and Suricata use pattern matching which will not work forevery case. IDSes that use protocol analysis, such as Bro6 will be able todetect this[25].

There are also some iptables rules available which claim to block all heart-beat queries using the u32 (--u32) filter[26]. However, this raises the sameproblem as with pattern-based IDSes; it will not work for all cases. It isnoted that it should only be used as a temporary fix.

6http://www.bro.org/

13

8 Conclusion

• How widespread is the issue caused by Heartbleed in non-HTTPS ser-vices on embedded devices?

It appears that even though Heartbleed is an issue, most embedded de-vices are not affected. Most vendors do use a version of the OpenSSLlibrary and there appears to be a trend for older, pre-Hearbleed ver-sions.

• What services and devices use potentially affected software?

The kind of devices that were found varied from routers, to file servers,cameras and even phones. As such any device with modern networkingcapabilities could be affected. Among the devices we investigated themost predominant use of OpenSSL seems to be with the webinterface.

• What mitigation is there for the users of vulnerable systems?

In order to prevent abuse of a vulnerable device the only truly effectivesolution would be to patch it, workarounds are available but are notalways effective and costly to implement.

Out of the devices tested only Iconbit does not have patches available.Other vendors have responded to the issue and made them available online.

9 Future work

• Monitoring software versions in active use The active versionson hardware are not research in depth. A comparison between vendorscan be done to see which versions of software are in active use.

• Vendors using older versions Results of the research show thatquite a few vendors are using older versions of the OpenSSL library. Itis interesting to know what the reason behind this is. This could be aconsequence of the effort it takes for a company to update all firmwareimages with the new version with all the testing that comes with it.However, a lot of projects driven by the community do not seem tohave much issues with this. Also, some vendors do put an effort inactively updating their products.

• Users updating their devices In the case of patches being easilyavailable, the question arises if users will actually update their devices.There is a distinction to be made between users in a company and

14

consumers. A company that pays attention to security also makes aneffort in updating their devices. The easiness of updating the devicesmay play a role here, besides the knowledge. Consumer devices usuallyhave an update functionality built in, but the ease of use differs pervendor. Awareness of security issues can be another point to consider.

15

References

[1] OpenSSL. Tls heartbeat read overrun (cve-2014-0160). http://www.

openssl.org/news/secadv_20140407.txt, 2014.

[2] CERT. Openssl tls heartbeat extension read overflow discloses sensitiveinformation. http://www.kb.cert.org/vuls/id/720951, 2014.

[3] CloudFlare. Answering the critical question: Can you get pri-vate ssl keys using heartbleed? http://blog.cloudflare.com/

answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed/,2014.

[4] ArsTechnica. Private crypto keys are accessible to heartbleed hack-ers, new data shows. http://arstechnica.com/security/2014/04/

private-crypto-keys-are-accessible-to-heartbleed-hackers-new-data-shows/,2014.

[5] Fedor Indutny (indutny). Extracting server private key using heartbleedopenssl vulnerability. https://github.com/indutny/heartbleed,2014.

[6] Robert David Graham (robertdavidgraham). heartleech. https://

github.com/robertdavidgraham/heartleech, 2014.

[7] Apple. Airport base station firmware update 7.7.3. http://support.

apple.com/kb/HT6203, 2014.

[8] ASUSTOR. Asustor nas devices not affected by openssl heartbleed bug.http://www.asustor.com/news/news_detail?id=3811, 2014.

[9] Belkin. Heartbleed openssl vulnerability. http://www.belkin.com/us/support-article?articleNum=105634, 2014.

[10] Buffalo. Buffalo technology nas products un-affected by ‘heartbleed’ bug. http://www.

buffalo-technology.com/en/media/press-releases/article/

buffalo-technology-nas-products-unaffected-by-heartbleed-bug/,2014.

[11] D-Link. Openssl security vulnerability - aka.

[12] FRITZ! Fehler in openssl 1.0.1f – fritz!-produkte nicht betrof-fen. http://www.avm.de/de/News/artikel/2014/open_ssl_fbox_

nicht_betroffen.html, 2014.

16

[13] Huawei. Security advisory-openssl heartbeat extension vul-nerability (heartbleed bug) on huawei multiple products.http://www.huawei.com/en/security/psirt/security-bulletins/

security-advisories/hw-332187.htm, 2014.

[14] Sweex. Product catalogue 2012. http://www.sweex.com/userfiles/

sw_cat_web_2012.pdf, 2012.

[15] Sweex. Product catalogue 2013. http://www.sweex.com/userfiles/

sw_cat_web_2013.pdf, 2013.

[16] DD-WRT. Heartbleed & dd-wrt/dd-wrt onlineservices. http://www.dd-wrt.com/site/content/

heartbleed-dd-wrtdd-wrt-online-services, 2014.

[17] code65536. Dd-wrt forum :: View topic - build 14929 and heartbleed.http://www.dd-wrt.com/phpBB2/viewtopic.php?t=260186, 2014.

[18] Victek. Beta raf. http://victek.is-a-geek.com/Repositorios/

Beta_RAF/READ%20BEFORE%20YOU%20DOWNLOAD%20ANY%20TEST%

20VERSION.txt, 2014.

[19] Shibby. Changelog (ang.). http://tomato.groov.pl/?page_id=78,2014.

[20] Shibby. [release] tomato v117 security update – part 1. http://tomato.groov.pl/?p=595, 2014.

[21] Toastman. Toastman releases — page 26 — linksysinfo.org. http:

//www.linksysinfo.org/index.php?threads/toastman-releases.

36106/page-26#post-243731, 2014.

[22] Synology. Ds109 release notes. http://www.synology.com/en-global/releaseNote/model/DS109, 2014.

[23] Robert David Graham. Heartleech discussion. https://github.com/

robertdavidgraham/heartleech#discussion, 2014.

[24] Robert David Graham. Fun with ids funtime #3:heartbleed. http://blog.erratasec.com/2014/04/

fun-with-ids-funtime-3-heartbleed.html, 2014.

[25] Bernhard. Detecting the heartbleed bug using bro. http://blog.bro.

org/2014/04/detecting-heartbleed-bug-using-bro.html, 2014.

17

[26] Fabien Bourdaire <lists () ecsc co uk>. Re: heartbleed openssl bug cve-2014-0160. http://seclists.org/fulldisclosure/2014/Apr/109,2014.

[27] Bose. Home entertainment systems update application. http:

//worldwide.bose.com/downloads/en/web/home_entertainment_

system_overview/page.html, 2014.

18

A Bose Home Entertainment System firmware

extraction

The updater is provided on the support page of Bose[27].The updater is aimed at Windows-based systems, concluding from the

executable extension: Bose System Updater.exe. This launches the BoseControl Console Update Application. According to the EULA this coversthe following products:

• Lifestyle R© 135 Home Entertainment System

• Lifestyle R© 235 Home Entertainment System

• Lifestyle R© V35 Home Entertainment System

• Lifestyle R© V25 Home Entertainment System

• Lifestyle R© T20 Home Theater System

• Lifestyle R© T10 Home Theater System

• VideoWave R© Entertainment System

The support page also notes that this includes the Lifestyle 525 and 535models

It requires an USB-stick to put the firmware on. However, the applicationfailed to see this device while using a virtualized Windows 8 guest.

The updater executable is an LZMA archive as indicated by 7z, and so isable to read the contents:

$ 7z l Bose_System_Updater.exe

...

2011 -07 -14 15:32:16 Microsoft.VC80.CRT/msvcr80.dll

2011 -09 -15 18:20:48 StartAppMain.exe

2011 -07 -14 15:32:16 cacert.pem

2011 -09 -15 18:20:49 Microsoft.VC80.CRT

2011 -09 -15 18:20:49 imageformats

------------------- ------------------------

41 files , 2 folders

Listing 2: Executable contents (attribute and size columns omitted)

19

After running the application a file called lifestyle is created whichcontains XML. This lists all the different hardware revisions and firmwareimages. Even though there are different revisions listed, they all point to thesame image. The updater does not include any firmware itself but presum-ably downloads this using the URLs provided in the XML document. Thisfile is deleted when the application closes.

<?xml version="1.0" encoding="UTF -8"?>

<HARDWARE REVISION="00.01.00">

<PATTERNMATCH >

<REGEX MATCH="\bDEF_CON_ [0 -9][0 -9]\.[0 -9][0 -9]\.[A-Z0

-9][A-Z0 -9]\.r[0 -9]*\. bos\b" SUBID="0" />

<REGEX MATCH="\bDEF_IR_ [0 -9]+\.[0 -9]+\.[0 -9]+\.[0 -9]+ -[

DP ][12]\.[ bo][ol][sd]\b" SUBID="1" />

</PATTERNMATCH >

<RELEASE REVISION="02.05.00" URLPATH="/downloads/assets/

updates/bose_console/" HTTPHOST="worldwide.bose.com">

<IMAGE REVISION="02.05.00" SUBID="0" FILENAME="

DEF_CON_02 .05.00. r12686.bos" CRC="0xa004d3fd" LENGTH

="103662200" />

<IMAGE REVISION="5.3.19.0" SUBID="1" FILENAME="DEF_IR_5

.3.19.0 -P2.old" CRC="0x5b3c2379" LENGTH="4448920" />

</RELEASE >

</HARDWARE >

Listing 3: lifestyle XML document excerpt

The firmware download URL is reconstructable from his information:

worldwide.bose.com/downloads/assets/updates/bose_console/

DEF_CON_02 .05.00. r12686.bos

Listing 4: Reconstructed firmware image URL

binwalk incorrectly lists a few entries as LZMA files, as 7z was not ableto extract it. In addition to this there was a squashfs filesystem image.This contains a few libraries and a big file called update.exe. This containsLZMA files too and more squashfs images. This contains directories (bin,boot, dev, etc.) and includes OpenSSL:

$ find . -iname "*ssl*"

./usr/lib/libssl.so .0.9.8

20

B Sweex consumer router firmware extrac-

tion

Routers

• LW160 The “Drivers & Firmware” page offers LW160 Sourcecode.zip

of 229.23 MB. This zip file contains LW160 Sourcecode.rar.

$ find . -iname "*ssl*"

./ap91fus/apps/wpa2/doc/openssl-modified.tgz

./ap91fus/apps/wpa2/doc/openssl-0.9.8g.tar.gz

./ap91fus/apps/wpa2/wpa_supplicant/openssl-tls-extensions.patch

./ap91fus/apps/wpa2/wpa_supplicant/openssl-0.9.8e-tls-extensions.patch

./ap91fus/apps/wpa2/wpa_supplicant/openssl-0.9.8d-tls-extensions.patch

...

./apps/wpa/wsc/lib/openssl-0.9.8a

There are references to OpenSSL 0.9.8a, 0.9.8d, 0.9.8e and 0.9.8g.

• LW161 The “Drivers & Firmware” page offers LW161 Sourcecode.rar

of 233.20 MB.

$ find . -iname "*ssl*"

./ GPLSourcecode for LW161/ap91fus/apps/wpa2/doc/openssl -

modified.tgz

./ GPLSourcecode for LW161/ap91fus/apps/wpa2/doc/openssl

-0.9.8g.tar.gz

./ GPLSourcecode for LW161/ap91fus/apps/wpa2/

wpa_supplicant/openssl -tls -extensions.patch

./ GPLSourcecode for LW161/ap91fus/apps/wpa2/

wpa_supplicant/openssl -0.9.8e-tls -extensions.patch

./ GPLSourcecode for LW161/ap91fus/apps/wpa2/

wpa_supplicant/openssl -0.9.8d-tls -extensions.patch

...

./ GPLSourcecode for LW161/apps/wpa/wsc/lib/openssl -0.9.8a

There are references to OpenSSL 0.9.8a, 0.9.8d, 0.9.8e and 0.9.8g.

• LW320 The “Drivers & Firmware” page offers LW320 Sourcecode.zip

of 269.53 MB. This zip file contains LW320 Sourcecode.rar.

$ find . -iname "*ssl*"

./ap99/apps/wpa2/doc/openssl -modified.tgz

./ap99/apps/wpa2/doc/openssl -0.9.8g.tar.gz

21

./ap99/apps/wpa2/wpa_supplicant/openssl -tls -extensions.

patch

./ap99/apps/wpa2/wpa_supplicant/openssl -0.9.8e-tls -

extensions.patch

./ap99/apps/wpa2/wpa_supplicant/openssl -0.9.8d-tls -

extensions.patch

./ap99/apps/wpa2/original/openssl -modified.tgz

./ap99/apps/wpa2/original/openssl -0.9.8g.tar.gz

./apps/wpa/hostapd -0.4.8/ tls_openssl.c

./apps/wpa/wsc/lib/openssl -0.9.8a

...

There are references to OpenSSL 0.9.8a, 0.9.8d, 0.9.8e and 0.9.8g.

• LW321 This product is not listed in the catalogue but present on thewebsite. The “Drivers & Firmware” page offers LW321 Sourcecode.rar

of 273.26 MB.

$ find . -iname "*ssl*"

...

./ GPLSourcecode for LW321/apps/wpa/wsc/lib/openssl -0.9.8a

/ssl

...

This indicates usages of OpenSSL 0.9.8a.

22