Several well-known Irish websites are vulnerable to attack by the Heartbleed bug, according to Cork-based software company Trend Micro.
Discovered at the start of this month, Heartbleed bypasses the encryption that normally protects data as it is sent between computers and servers, leaving personal and sensitive data vulnerable. The Canada Revenue Agency has already been breached by a hacker, who leveraged the newly discovered bug to steal the social insurance numbers of 900 taxpayers.
Trend Micro carried out a scan of the million most popular sites in the world – including 600 Irish websites – to see the effect of the Heartbleed bug. It found almost 11 per cent of Irish sites on the list, more than 60, were vulnerable to attack – with several household names among them.
Trend Micro senior threat researcher Robert McArdle said the Heartbleed vulnerability woke the world up to just how much the internet is part of everyone’s daily lives, and just how damaging things can be when it is under attack.
“Unlike most computer attacks that target end users, Heartbleed affects the sites we use every day – and to make matters even worse – it specifically affects those we consider most secure, and with whom we most trust our data.”
The company has released free scanning tools for computers and mobile devices to verify if they are communicating with servers compromised by the Heartbleed bug. The solutions, Heartbleed Detector, a Chrome browser plug-in, and an Android mobile app, are accessible in the Chrome Web Store and Google Play app store.
The Heartbleed Detector can check apps on a user's smartphone and the servers they communicate with, to determine if installed apps are vulnerable to the OpenSSL bug.
"With in-app purchases and financial transactions on mobile devices becoming the norm, we felt it was vital to offer users a solution designed to enable users to continue operating their devices without worry," Dervla Mannion, vice-president at Trend Micro EMEA, said.
She said a number of Irish sites were vulnerable to the bug as they had not patched the security flaw correctly on their servers.
She said the Heartbleed bug is a problem that may never entirely go away, adding that mobile apps are just as vulnerable to attack.