Blog

“Bash Bug” The new and deadly cyber threat

Bash Bug - Cyber threat

“Bash bug” or “shell lock” a 22 years old bug recently revealed itself and hit the cyber world with flash. “Bash Bug” vulnerability is considered as more severe than “Heart Bleed (Discovered in April 2014)”. “Heart Bleed” security flaw have made millions of websites working over OpenSSL protocol vulnerable. Hackers can exploit sensitive data including passwords stored in online machines that are vulnerable to “Heart Bleed”.

However “Bash Bug” is a security flaw that is caused by widely used piece of Linux software known as “Bash”. According to ABC news

“Bash Bug” may pose a serious threat to millions of computers and other devices such as home Internet routers. Even the systems used to run factory floors and power plants could be affected.”

Which means every Unix based machine which is having Bash running is vulnerable. Now a day’s most of the applications are invoked via Bash as well. So a security threat might be there for exploiting all those applications even. Different vendors are working actively on this threat. Some of them have released patches for it and some are going to release soon.

Insights :

“Bash Bug” may enable hackers to take full control of your machine. YES!! by full control we mean all your saved information, your web communication, your webcam,each and every thing on your machine can be in control of hackers. Security experts claimed that end users who firewall enabled are on the safe end. Including those end users which are having Bash in machines but they are using some alternate tools.

However in case of server the criteria is totally different and it is a bigger threat for such machines. Any server machine which is running web services based on bash, any online product such as router, cameras, Photocopiers to name a few which are build on bash are vulnerable to such attacks. Hackers can take full control of such online machines because most of the web services are always in running mode and listening on different ports.

Different Security experts opinions:

Below are some of the quick responses from different security experts

1. Beardsley ( an engineering manager at cyber security firm Rapid7) said “Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera,”. 

2. The Department of Homeland Security’s United States Computer Emergency Readiness Team, orUS-CERT, issued an alert saying the vulnerability affected Unix-based operating systems including Linux and Apple Inc’s Mac OS X.

3. Chris Wysopal, (chief technology officer with security software maker Veracode)“We just don’t know how far this goes.”

4. Emanuele Gentili (Chief executive of Italian security consultancy) told inews. “A botnet with name of “Wopbot” is already very much active to infect servers. The “Wopbot” is searching the internet for vulnerbale machines including United States Department of Defense. “

We have found a botnet that runs on Linux servers, named “wopbot”, that uses the Bash Shellshock bug to auto-infect other servers,” Gentili said.

Vulnerability check on Bash ENABLED machines ?

Warning :

  • Before running this code save all your data on some place, specially for programmers.
  • Syntax may vary for some of Linux flavors.

Open the terminal window on your Linux Machine or Mac machine. Run the following command

env x='() { :;}; echo Hi, listen your ‘ bash -c ‘ is vulnerable ‘

What this code will do ?

Your bash shell will run more code after a function “() { :;};”, which shouldn’t be happening. After this function a user can put any malicious code to hack into machines.

How can you protect yourself ?

Some of vendors have already issued patches and some other vendors are working rigorously on it.

1.  Red Hat and Ubuntu, have already published patches for “Bash Bug” and we are sure Apple will also soon release an update for its users.

2. Personal and network based firewalls should be enabled on high priority for end users.

3. Network admin should ensure that they are updated with respective technology vendors in order to update live servers.

4. Keep a tight check on logs of IDS, IPS and Web servers till the time no patch is provided in market.

Apparently from the start of this year we have seen lots of Hacks and exploits. We strongly recommend our users to stay in touch with your technology vendors for patches. Get your infrastructure Pen tested at least twice a year.

Does all of that sound scary to you ? We suggest taking immediate precautions.

Let us know your thoughts about whether the Bash Bug can be a destructive threat and how you plan on protecting yourself against it.