Many recall the Heartbleed vulnerability and its bleeding heart logo which was thrust into the public by a Finnish cyber security firm. Heartbleed, a bug which uses OpenSSL, has the ability to steal data like cookies and user passwords. An equally disturbing vulnerability recently emerged, this time known as Shellshock.
Shellshock, like Heartbleed, targets systems which run Linux. The open source operating system is not only popular among hobbyists, but it is also used in applications like smart objects. What makes Shellshock different is that it has the ability to take control of almost any infected OS rather than just steal information. The National Cyber Awareness system has even given it a score of 10, or the highest possible security risk score possible.
This along with the fact that the bug may be “wormable”, or able to self-replication, raises serious questions about the OS which many smart objects are built upon. While hacked Nest Thermostat may not seem like the biggest problem, the fact that the IoT is poised for significant growth means that devices will continue to grow in complexity and numbers. As the segment matures, the incentive for those with ulterior motives to exploit these devices will only grow.