Shellshock: What is it and what can be done to stop the bug?


Oscar Williams-Grut
Friday 26 September 2014 15:46

The UK’s national cyber-security response team, Cert-UK, has warned that a bug dubbed Shellshock has the "highest possible threat ratings… for both impact and exploitability" and could be targeting the security of hundreds of millions of websites.

What is Shellshock?

Shellshock is a mistake in the code of a program called Bash, which is typically installed on non-Windows operating systems such as Mac, Unix and Linux. The bug allows hackers to send commands to a computer without having admin status, letting them plant malicious software within systems.

Could it be used to steal my financial details?

Yes. If banks or online retailers use older, “mainframe”-style computing systems, they are likely to be vulnerable. Home routers and modems could also be targeted as a way to get to PCs and laptops.

Are there any indications it has already been exploited?

It’s too early to tell. However, authorities fear a deluge of attacks could soon emerge. The US government has rated the security flaw 10 out of 10 for severity.

What can be done to solve it?

Security experts around the world are now rushing to find a fix for the bug, but the widespread and varied use of Bash means there won’t be a single solution. Individual organisations and companies such as Apple will develop patches for their own systems.

What can I do to protect against it?

Experts recommend not using credit cards or disclosing personal information online for the next few days. Usual precautions are also recommended such as updating anti-virus software and not visiting dodgy websites.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments