The Washington Post

The Heartbleed situation just got a lot worse. It also affects routers.

A visitor walks past a Cisco advertising panel as she looks at her mobile phone at the Mobile World Congress in Barcelona February 27, 2014. (REUTERS/Albert Gea)

If you thought changing a few passwords would be enough to defeat the Heartbleed vulnerability — think again. The security bug also appears to affect networking hardware made by one of the world's largest manufacturers, Cisco.

Over a dozen Cisco products or services are thought to be vulnerable to Heartbleed, the company confirmed Thursday. The list includes videoconferencing products and a mobile client for Apple's iOS, among others. In addition, the Wall Street Journal reported Thursday that the Heartbleed bug extends to products made by Juniper Networks.

Because of the ubiquity of these manufacturers' equipment, particularly among businesses, it appears the threat posed by Heartbleed isn't diminishing anytime soon. Addressing the vulnerability will likely require replacing the bad hardware altogether — a potentially costly and laborious process, security analyst Bruce Schneier told the Wall Street Journal. Even then, many of the available models likely went to market before Heartbleed had ever been discovered, so those may also be unpatched.

As many as 65 other Cisco products are being investigated for evidence of the bug, the company said.

The security vulnerability takes place in an encryption protocol known as OpenSSL, a technology that many businesses use to protect sensitive information such as usernames and passwords. For many consumers, Heartbleed means their credentials are at risk of being stolen. Google, Yahoo, Facebook and other tech companies scrambled this week to patch their services. If you're a customer of one of these companies and you haven't changed your passwords, do it now

Unfortunately, the fact that major networking companies have also succumbed to the flaw suggests that we have a bigger problem on our hands than a few new passwords can fix.

Brian Fung covers technology for The Washington Post, focusing on telecommunications and the Internet. Before joining the Post, he was the technology correspondent for National Journal and an associate editor at the Atlantic.
Show Comments

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.