The has left hundreds of millions of computers potentially vulnerable to a cyberattack. While the bug poses the biggest threat to web and email servers, it could affect the personal devices of Mac users, experts say.
It’s early days yet and the number of devices that are at risk is not yet clear. However, cyber security experts have some simple tips for protecting personal information.
What can happen?
The bug allows a hacker to gain access to and have full control of a vulnerable machine, says Eric Neufeld, technical services manager at 365 iT Solutions in Toronto.
A hacker would be able not only to access personal information, but also install software that could be used to send out spam or viruses to other devices.
The hacker “would literally have full control over the machine,” Neufeld told CTVNews.ca in a telephone interview.
Limit your exposure
Because cyber security experts are still trying to figure out Shellshock, the full scope of the threat remains unclear. However, the biggest threat it poses right now is to servers, such as web servers or email servers, because it affects the operating system on which they run: Linux.
“If it’s a server that is being hacked, there’s not much a layperson can do about that aside from using security best practices, like using a password manager to keep different passwords with different web services,” Neufeld says.
“So if one of the websites that you do frequent gets attacked, then it limits your exposure because you’re not using the same password everywhere.”
Right now, web masters are in overdrive, checking their software and installing the patch for the bug that is currently available. Because the patch is considered incomplete, they will have to remain on the lookout for further updates.
The average person who will be most affected by Shellshock is the Mac user. Because the bug affects Apple’s OS X, Mac users’ personal devices are potentially at risk.
While a patch has been issued for Linux and other operating systems, Apple has yet to issue a fix for its devices.
Ultimately, the average user should “check their gear,” says Andy Walker, senior strategist at Cyberwalker Digital.
“So if you’re really concerned, I would be figuring out what technology you use, figuring out who makes the software and then going to their website and seeing what the manufacturer, what the software maker is saying about the Shellshock bug,” Walker says.
Update your operating systems
Not everyone rushes to update their iPhones every time Apple issues a software upgrade. But they should, Neufeld says.
“People tend to avoid updating, particularly I think a lot of people got burned with the last major iPhone update,” Neufeld says, referring to an update about a year ago that drastically changed the look of the iPhone interface.
“But a lot of times these include important security updates, so it will help protect you.”
Anti-virus software
While anti-virus software may not protect against Shellshock, Neufeld says it is still the best way to protect against malware.
Anti-virus software can detect an intrusion on a device.
“It would allow you to possibly detect any changes that have been made to your system or if someone was installing some other malware on it,” he says.
There aren’t a lot of anti-virus software options for Mac users, Walker notes, mainly because Mac products have not been as vulnerable. But there are products out there, and users should find one they like.
“It’s common sense,” Walker says. “If you have security software, update it. If you don’t, you should get it.”
