The technology world has spent the weekend reeling from the news that the Shellshock security threat could have left networks – including Bitcoin – and end-user devices alike vulnerable.
Shellshock lets attackers remotely access victims’ computers through the Bash command line shell for Unix and Linux, and also has the potential to infect end-user devices including those running iOS.
Shellshock has been around for the past 25 years. It’s a security flaw in the Bash shell that lets code held in certain variables to be executed immediately and without the victim’s knowledge. That code could give attackers deep level access to the system as well as any data they want to harvest.
Many Linux-based computers are susceptible, as are a wide range of other devices such as routers, network connected storage systems, and devices that can be programmed via the Internet.
Trend Micro warns that the bug is widespread, has the potential to do significant damage, and requires little–to–no technical knowledge to exploit. Because Linux powers over half the servers on the Internet, Android phones, and the majority of devices in the Internet of Things (IoT) the reach of this is very broad.
Also, because Bitcoin Core is controlled by Bash, this vulnerability can impact Bitcoin miners and other Bitcoin related systems, making them potentially a very attractive target to attackers.
Trend says the company is already seeing attacks in the wild.
Some Linux distributions have released a patch that provides a partial solution to this bug, and Trend-urges users to deploy these patches as quickly as possible, standing ready to deploy another patch once developers and researchers confirm a patch with complete coverage for the vulnerability. Fixes for Android phones and other devices will have to come from the manufacturers.
