CUPID —The New Heartbleed
The Heartbleed SSL Bug, one of the most serious vulnerabilities to ever hit the Internet,caused problems for enterprise wireless and wired networks about two months ago. Since then, it has been patched and dealt with. Or so we thought. Now, a similar vulnerability is causing problems — CUPID.
CUPID uses the same exploit as the Heartbleed Bug, but occurs in data intercepted between Android devices and WiFi routers.
It exploits the catastrophic Heartbleed vulnerability against wireless networks and the devices that connect to them. It plucks passwords, e-mail addresses, and other sensitive information from vulnerable routers and connected clients.
A client attacking a router doesn’t require a password. The clients that are vulnerable are handsets running versions 4.1.0 and 4.1.1 of Google’s Android mobile operating system. CUPID attacks Android devices via a WiFi network, and can affect other connected devices such as desktops, VoIP devices, printers, and more.
Everyone, and every business using online devices are at risk.