This page displays one of MarketingTrendTracker’s many current trends.

Shellshock Bug a "Serious Threat" to Internet of Things

Trend Summary: Cybersecurity professionals are scrambling to identify and patch an open source-code flaw that could seriously affect the "Internet of Things".


The much-hyped "Internet of Things" could be under threat from "Shellshock", a recently uncovered computer bug that could enable hackers to take control of hundreds of millions of devices all over the world. According to the IT security community, the flaw affects "Bash" - open source code used in Unix-based systems since the 1980s. Significantly, Bash is built in at the operating system level and serves as a direct route to controlling systems such as the ...

... much hyped "Internet of Things"

Bash is also used by Apple’s Mac operating system as well as Linux systems and internet servers relied upon by governments, banks and the military.

According to Bogdan Botezatu, senior e-threat analyst at cybersecurity specialist BitDefender: "A significant part of the internet is running Linux or UNIX-based versions of an operating system that includes the Bash shell."

"These Unix-based web servers often run CGI scripts that rely on Bash for functionality, therefore any attack against these scripts could result in exploitation and, subsequently, allow a hacker to remotely own the machine."

Arguably of even greater significance is the verdict of the US National Institute of Standards and Technology's National Vulnerability Database, which rates the vulnerability as a "10" on a scale from one to 10, both regarding impacts and exploitability.

Meantime, cybersecurity specialist Trend Micro opines that the threat could be a bigger deal than Heartbleed, a vulnerability discovered earlier this year in a widely used open source encryption library.

"One of the big differences between this and Heartbleed is that you get to totally control the computer you manage to exploit because the bug is at the operating system level," says Tod Beardsley, engineering security manager with cybersecurity firm Rapid7, whereas Heartbleed could only be used to steal information.

Warns Reno, Nevada-based Dara Security: "if one thing can prevent the Internet of Things from transforming the way we live and work, it will be a breakdown in security"

Read the original unabridged WashingtonPost.com article.

[Estimated timeframe: Q3 2014 onward]

All data sources are attributed with links to the original insight. The insight is then summarised and, where appropriate, enhanced with additional information.

... much hyped "Internet of Things"

Bash is also used by Apple’s Mac operating system as well as Linux systems and internet servers relied upon by governments, banks and the military.

According to Bogdan Botezatu, senior e-threat analyst at cybersecurity specialist BitDefender: "A significant part of the internet is running Linux or UNIX-based versions of an operating system that includes the Bash shell."

"These Unix-based web servers often run CGI scripts that rely on Bash for functionality, therefore any attack against these scripts could result in exploitation and, subsequently, allow a hacker to remotely own the machine."

Arguably of even greater significance is the verdict of the US National Institute of Standards and Technology's National Vulnerability Database, which rates the vulnerability as a "10" on a scale from one to 10, both regarding impacts and exploitability.

Meantime, cybersecurity specialist Trend Micro opines that the threat could be a bigger deal than Heartbleed, a vulnerability discovered earlier this year in a widely used open source encryption library.

"One of the big differences between this and Heartbleed is that you get to totally control the computer you manage to exploit because the bug is at the operating system level," says Tod Beardsley, engineering security manager with cybersecurity firm Rapid7, whereas Heartbleed could only be used to steal information.

Warns Reno, Nevada-based Dara Security: "if one thing can prevent the Internet of Things from transforming the way we live and work, it will be a breakdown in security"

Read the original unabridged WashingtonPost.com article.

[Estimated timeframe: Q3 2014 onward]

All data sources are attributed with links to the original insight. The insight is then summarised and, where appropriate, enhanced with additional information.

Source: WashingtonPost.com
MTT insight URL: https://www.marketingtrendtracker.com/article.aspx?id=6412