A graphic image of a security lock made of digital code, representing an OpenSSL.

A new vulnerability in OpenSSL may threaten internet security.

If you use the Internet, you use OpenSSL. It’s as simple as that. OpenSSL is the most frequently used software package when it comes to online data security. There’s just one problem. It may not be as secure as everyone thinks.

At least that is what researchers have discovered while looking for vulnerabilities in the extremely common security protocol. They referred to the vulnerability as a side channel attack.

What is this type of attack, and what is being done to protect your browser use?

What is a Side Channel Attack?

This type of attack allows a hacker to glean information regarding software through examining the use of a computer system. Some examples include how much of the system’s power is being used during activity or the timing in which the software is used.

Why is this ability to listen in on a computer so dangerous? Researchers were able to use this method to acquire the unique key that identifies who is using the computer. Does this have implications for your internet use?

What OpenSSL Vulnerability Means for Your Security

The fact is that hackers are unlikely to use this method to hack a computer at your home. Unfortunately, the reason for that is simply because there are many easier ways to hack a personal computer.

For businesses, we’ll just have to wait and see what kind of fix the researchers come up with, and hope that this exploit is deemed too time-consuming for most hackers who seem to be opportunists. After all, this type of hack doesn’t seem to be common, and OpenSSL has had this vulnerability for as long as it has been in existence.

While most manufacturers are sticking to their guns about this hack not being possible—but because it was repeated under controlled circumstance by the researchers, this was enough for the OpenSLL developers to start looking for a fix. In the meantime, it’s important to keep an eye out for potential attacks though this type of hack, no matter how unlikely it may be for someone to use it.