Internet companies and digital makers have a new opponent in the form of a security flaw that has been touted as more threatening than Heartbleed, which rocked security infrastructures a few months ago.
The vulnerability, also known as the Shellshock bug, could result in servers and connected cameras being compromised, but in a manner much worse than Heartbleed’s impact, security experts believe.
Through this vulnerability, attackers are able to take over an operating system like Windows or Mac to gain unauthorized access to sensitive data just by executing malicious code within the Bash shell, which is accessible through a PC’s command prompt or, in the case of Mac computers, the Terminal application.
The bug comes into play when malicious players add extra code to lines of Bash code. According to experts, a great number of software programs run the Bash shell in the background, virtually hidden from our notice.
So why is this more fearsome than Heartbleed? Security experts say the Bash bug is capable of interacting with other programs in ways you least expect. Additionally, the sheer volume of software systems that connect with the Bash shell exacerbates the situation.
Heartbleed left hundreds of thousands of systems vulnerable because it was difficult to take account of all the software that was susceptible to the bug. Likewise, the Bash flaw makes it hard for security professionals to keep track of vulnerable software, so many programs are likely to remain potential targets of hackers.
Which devices could be affected by the Bash bug? The potential targets include hardware running Linux, Unix and Mac OS X. The bug has been in existence for quite a long time, but only now have security researchers discovered it.
The bug also poses threats to the budding adoption of the Internet of Things, in which home appliances are connected to mobile devices over a wireless network so that they can be operated from a single system. Most connected devices are embedded with Bash scripts.
In April this year, the security world was disrupted by the discovery of Heartbleed, a vulnerability that left the OpenSSL protocol of millions of websites exposed to attacks.
Security experts are now urging system administrators to patch the vulnerability on their devices in order to mitigate the impact of the Bash flaw even though its complexity is quite low.