By Trent Sharpe
Anyone affected by the hacking of Cloud data storage services may well feel more exposed now with revelations of a dangerous bug in most everyday ‘smart devices’.
The bug, known as Shellshock, was discovered in Bash, the command line interface for Linux and Unix-based operating systems, and has already affected millions of computers by allowing hackers access to sensitive information.
Bash has been used for 25 years on computers and smartphones, with both users and developers unaware of the hole in the software.
The software carries out actions on a computer from typed text, rather than mouse clicks, and runs in the background when the computer is being used.
The bug allows a remote user to run commands, or even install and execute code very easily, making not just computers, but pretty much any ‘smart device’ vulnerable to unauthorised access.
Shellshock is said to be as severe as the Heartbleed exploit revealed in April this year, which meant that private keys and passwords were available from servers using OpenSSL at the time.
However, those with experience in IT, like Elliott Nieves, believe that Shellshock poses a larger threat than Heartbleed.
Mr Nieves said that Heartbleed affected up to two years’ worth of OpenSSL versions, which is nothing in comparison to Shellshock’s potential impact.
“Shellshock works on the full 25 years’ worth of Bash versions,” said Mr Nieves.
“This code has been sitting there unnoticed since 1989!”
Murdoch IT services employee Stephen Head says the Shellshock bug is a big security risk to the servers at Murdoch and could mean that vital information is accessed by unauthorised users.
“As a result [of the Shellshock bug] all servers which are internet-facing, as well as hosts locally on the Murdoch network, are possibly vulnerable to a local malicious user,” said Mr Head.
With Shellshock so new, it is difficult to gauge the severity of the impact, but it is assumed that any number of confidential documents could be leaked.
Mr Nieves says the impact of the bug will be determined by the imagination of the individual and by how proactive administrators are with regard to security.
He suggested that, to prevent any unwarranted intrusion, the best course of action is to update software and apply patches that will stop the leak in Bash.
“The rate at which this bug is becoming known both publicly and within the industry is unprecedented, and that will ensure affected systems are patched as soon as possible,” said Mr Nieves.