Are you protected from Shellshock?
This is the latest computer security vulnerability that you may also see called ’the Bash bug’. Whilst not technically a Virus or a Trojan, it is potentially far more dangerous. It is unusual in that it attacks devices which are running UNIX based systems such as Linux. Previously these systems have been perceived as more secure.
You may think no problem I run a Windows system and an Android phone. But, what about the CCTV system you are using to protect your office? I hate to upset you but many devices are vulnerable. This bug can enable the hackers to take control of your devices.
Which devices are in danger?
- Linux is used in many devices such as cars, WiFI Routers and cameras
- Android (this is based on Unix),
- IBM and Apple Mac OS X machines
For once Windows machines are less vulnerable as they don’t have ‘Bash’ as standard but even here you might have installed Software that includes Bash.
The LawSkills Monthly Digest
Subscribe to our comprehensive Monthly Digest for insightful feedback on Wills, Probate, Trusts, Tax and Elderly & Vulnerable client matters
Not complicated to read | Requires no internet searching | Simply an informative pdf emailed to your inbox including practice points & tips
Subscribe now for monthly insightful feedback on key issues.
All for only £98 + VAT per year.
The bug can be used to control the device and also the system. Linux is used in things like camera and cars. Hackers will be able to gain access to all devices in a person’s office or home. It is therefore not just one device on which you may get the bug, its presence will enable the hacker to access all your network connected devices. The use of the net is how they will be getting access. Imagine if your bank details were online. What about the CCTV of your office you use to monitor when you are at home. This could be posted online so the hackers are telling the world that your office is empty and it may be a good time for those with bad intentions to visit.
It differs from Heartbleed that used to let the hacker view information flowing from the PC. This allows the hacker to control the information, which is far more frightening.
What is BASH? It stands for Bourne Again SHell.
It is what’s called a command-line shell that lets users control software programs and features. The bug allows hackers to send commands to a computer without having admin status, letting them plant malicious software within systems
Commands are sent to these programs by typing text into a particular area of code. This area is typically restricted to programmers and website owners, but the Bash bug leaves it open to attack from anyone.
How are your devices likely to pick it up?
The only solution is to update every device that is vulnerable with a patch and this can only be done by website or server owners. Changing your password will not solve the problem.
You have virus protection and your firewall but this is not enough as Shellshock can still get in. For example, it may be on a website that you visit that is running Linux but as a user you will see nothing when you visit the site however the malicious code will have gained access to your machine and network.
If your bank uses an old style mainframe you are at risk; or, alternatively, it may get in through the router or modem.
How can you protect yourself and your business?
You need to make sure that you are updating all your PC fixes so if you are busy and tempted not to run your Windows update this is the time to allow that irritating message telling you to shut down so it can update your PC. Make sure that you have updated your virus software and be very careful which websites you visit.
Companies are scrambling to update their software against this issue but it is anticipated that it will take ages for all devices to be updated and protected so be careful what information you share and the use of your credit card online.
FREE monthly newsletter
Wills | Probate | Trusts | Tax | Elderly & Vulnerable Client
- Relevant learning and development opportunities
- News, articles and LawSkills’ services
- Communications which help you find appropriate training in your area