A recently discovered security bug could let hackers take control of consumers’ computer systems with little effort, Reuters reported.
The bug is a part of the Bash software that works with the computer’s operating system, and lets users to send commands or perform tasks without using a mouse or touching the screen. Hackers can exploit a vulnerability in Bash by simply cutting and pasting a line of code into the targeted the system, bypassing any security measures. Once inside, hackers can commandeer a user’s computer, make changes to settings, and extract confidential information from stored files.
Cybersecurity experts warn the Bash bug could be more devastating than the Heartbleed bug discovered in April. Heartbleed exposed millions of usernames, passwords and financial information through a hole in the encryption code used by two-thirds of the world’s websites. In one case, hackers were able to steal 4.5 million patient medical records because of Heartbleed. But hackers could only peek into consumers’ computers, not control them.
Bash is potentially more severe because it could affect not only the millions of Unix, Chromebooks and Apple’s Mac OS X computers, but also invade other everyday smart devices such as refrigerators, cameras and even cars, CNNMoney reported. Devices that use the Internet often use the Bash software to help with simple functions such as turning the device on and off.
Open source software firm Red Hat issued a warning on the bug, labeling it as urgent case in which “catastrophic issues which severely impact the mission-critical operations of an organization.”
Red Hat and other Linux distributors have already begun issuing patches for the bug but experts worry that patches out now are incomplete, leaving customers vulnerable.
“No two systems are affected the same way here. Upgrade Bash and don’t mess around,” Red Hat’s Bressers told ThreatPost. “Even if you think you’re OK, you’re probably not.”
Security concerns have swelled with breaches becoming more common and affecting more people. Big box retailers such as Target and more recently Home Depot have been prime examples of how pervasive one cyberattack can be. In early September, Apple’s iCloud storage service was recently breached by hackers targeting celebrity accounts and leaking nude photos online. Apple vowed to improve its security measures and released a patch for a known security flaw that could have exposed users’ data.
The spike in large scale security events has also given rise to identity theft. But as mobile devices, wearable technology, and smart appliances continue to become more entangled in everyday life with, security experts fear that technology is expanding without a thought to how problems like Bash can be sufficiently fixed.
“This is [the] problem with the ‘Internet of Things,’” Robert Graham, a cybersecurity expert told CNNMoney. “We’re putting all these things on the Internet without any expectation of actually patching them in the future.”