Heartbleed Vulnerability Still Affects 200,000 Devices

Even though the number of services that are affected by the OpenSSL flaw also knows as Heartbleed has considerably decreased over the past decade, the Shodan search engine has still found more than 200,000 vulnerable devices.

The Heartbleed, tracked as CVE-2014-0160, is a very critical vulnerability which allows the hackers to steal information that is protected by the SSL/TLS encryption. Some researchers believe that this flaw is used in an attack where hackers stole 4.5 million healthcare records.

The search for vulnerable devices was conducted by Shodan in November 2015 and returned 238,000 results, those numbers dropped by roughly 1,000 by March 2016. A new search was carried out on this Sunday showed that there are 199,594 services which are still vulnerable to Heartbleed attacks.

Most of the affected devices are located in the United States (with 42,000), followed by South Korea (with 15,000), China (with 14,000), Germany (with 14,000), France, (with 8,700), Russia (with 6,600), UK (with 6,500), India (with 5,800), Brazil (with 5,500) and Italy (with 4,800). HTTPS accounts for a major part of the impacted services.

Initially, South Korea occupied the 8th place, but it now in the recent scans it became the second most affected country, apparently due to the devices operated by Boranet, SK Broadband and KT Corporation (formerly Korea Telecom).

The list of top affected organizations also includes Verizon Wireless, Amazon, OVH in France, German ISP Strato, Comcast, German hosting firm 1&1 Internet, and Taiwan-based HiNet.
Apache HTTP Server (httpd) is by far the most affected product, particularly versions 2.2.22 and 2.2.15, while the top operating system is Linux 3.x. Shodan also found that more than 70,000 of the affected services have expired SSL certificates.