Dear HackerzTAG Fan,
By now you’ve probably heard about “Shellshock,” a new vulnerability
that went undiscovered for 22 years until Thursday. The bug targets
BASH, a popular program widely used to control the command prompt on
many *nix computers. Shellshock is extremely dangerous because attackers
can simply run a shell command on the remote machine without the need
to know anything about the victim’s system. It has the potential to
wreak havoc on websites, web servers, PCs, routers and more.
If this vulnerability goes unpatched, hackers can gain complete control of
an infected machine and compromise your business – not to mention the
cost of operational down-time.
Is your mobile device at risk?
We believe that very few ROMs of Android devices may be susceptible to
this attack. If you want to find out if your Android device is
vulnerable, check out the Zimperium Shellshock Vulnerability
Scanner available for free download via the Google Play Store.
This app will assess whether your mobile device is at risk for the ShellShock vulnerability. The app will determine if you are running a vulnerable version of BASH, or apps that include the BASH process.
Security Recommendations
We believe this vulnerability exploit is limited to
server-side infrastructure with the following three preconditions: the
device is running a derivative of *nix, BASH running up to and including
version 4.3, and web servers that use CGI scripts to accept web browser
access.
- If you’re an end-user, watch for patches for your Mac, your Android phone, and other devices you may have.
- If you’re running LINUX systems, it is recommended to update your machines ASAP and check back for a complete fix.
- If you’re running web servers using BASH scripts, consider rewriting your scripts to use something other than BASH until a patch is available.
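One way to inventory the preconditions listed above on a server you administer, as an added example that is not part of the original newsletter. The function names and the script name are assumptions, and a Bash version of 4.3 or earlier only means the vendor patch level needs confirming.

```shell
#!/bin/sh
# Added example, not from the newsletter. Function names are assumptions.

# Succeeds when a Bash version string such as "4.3.11(1)-release" is 4.3 or
# earlier. Distributions backport fixes without changing this number, so a
# match means "confirm the vendor patch is installed", not "vulnerable".
bash_version_in_scope() (
    ver=${1%%[!0-9.]*}                  # drop "(1)-release" style suffixes
    case "$ver" in *.*) ;; *) ver="$ver.0" ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    [ -n "$major" ] && [ -n "$minor" ] || exit 2    # unparseable input
    [ "$major" -lt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -le 3 ]; }
)

# Prints the interpreter basename from a file's shebang line, looking
# through "/usr/bin/env"; fails when the file has no shebang.
shebang_interp() (
    line=
    IFS= read -r line < "$1" || [ -n "$line" ] || exit 1
    case "$line" in '#!'*) ;; *) exit 1 ;; esac
    set -f                              # no globbing while word-splitting
    set -- ${line#??}
    if [ "${1##*/}" = env ]; then shift; fi
    printf '%s\n' "${1##*/}"
)

# Lists regular files under DIR that Bash interprets: the scripts the third
# recommendation says to rewrite until a patch is available.
list_bash_cgi() (
    find "$1" -type f 2>/dev/null | sort | while IFS= read -r f; do
        if [ "$(shebang_interp "$f")" = bash ]; then printf '%s\n' "$f"; fi
    done
)

# Usage: sh audit.sh /path/to/cgi-bin   (script name and path are examples)
if [ "$#" -gt 0 ]; then
    v=$(bash -c 'printf %s "$BASH_VERSION"' 2>/dev/null) || v=
    if [ -n "$v" ] && bash_version_in_scope "$v"; then
        echo "bash $v is 4.3 or earlier: confirm the vendor patch level"
    fi
    list_bash_cgi "$1"
fi
```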
While hacking traditional computers has become increasingly difficult, mobile
devices are still relatively unprotected and enable attackers to access
internal networks easily. If a vulnerability like Shellshock can go
undetected on a mature platform like Linux, imagine what vulnerabilities
exist on the relatively immature mobile operating systems. These mobile
attacks are happening in the wild – they are simply going undetected,
just like Shellshock.