Shellshock: The IoT’s Equivalent of Heartbleed?


Many recall the Heartbleed vulnerability and its bleeding-heart logo, which was thrust into the public eye by a Finnish cyber security firm. Heartbleed, a bug in OpenSSL, can be used to steal data such as cookies and user passwords. An equally disturbing vulnerability recently emerged, this time known as Shellshock.


Heartbleed, a logo which has become synonymous with Linux-based vulnerabilities

Shellshock, like Heartbleed, targets systems that run Linux. The open source operating system is not only popular among hobbyists but is also used in applications like smart objects. What makes Shellshock different is that it can be used to take control of almost any infected OS rather than just steal information. The National Cyber Awareness System has even given it a score of 10, the highest possible security risk score.

This, along with the fact that the bug may be “wormable”, or able to self-replicate, raises serious questions about the OS on which many smart objects are built. While a hacked Nest Thermostat may not seem like the biggest problem, the fact that the IoT is poised for significant growth means that devices will continue to grow in complexity and numbers. As the segment matures, the incentive for those with ulterior motives to exploit these devices will only grow.

