Starting this week, numerous press release have popup all over the world about a serious security vulnerability just revealed in OpenSSL, named “Heartbleed”.
OpenSSL market is estimated at least to about 66% of web servers, companies like Yahoo!, Flick, Tumblr, Google, Facebook, dropbox, Oracle, Red Hat are relying on it.
As a reminder, SSL v2 library used in current Open AT Application Framework is relying on this fundamental security brick as well.
The OpenSSL Foundation, responsible of maintaining this community project, has performed a Security Advisory on April 7, 2014, commenting this threats and suggesting remedy to it.
Based on this, Sierra Wireless R&D team had perform a check and confirmed that SSL v2 library of Open AT Application Framework is not impacted.
The Heart Beat bug relates to a DTLS feature which is not part of SSL v2 feature set, so this parameter is natively disabled, as recommended in the Security advisory from the OpenSSL Foundation.
As a conclusion: none of Sierra Wireless customers will risk to be impacted by “Heartbleed”.
More information about “Heartbleed” on: http://heartbleed.com/