Hundreds of millions of computers and other devices are vulnerable to attacks from cyber criminals exploiting a bug in a piece of software crucial to operating systems and internet servers throughout the world, the UK’s privacy regulator has warned.
The Information Commissioner’s Office (ICO) said that exploitation of the flaw in the Bash software – dubbed “Shellshock” – could result in hackers being able to access personal data stored on users’ devices.
The Shellshock flaw essentially enables criminals to remotely control any computer with the vulnerability, which the ICO says “should be ringing real alarm bells” for British businesses which are legally obliged to keep their customers’ details secure.
The regulator warned businesses not to turn a blind eye to the flaw, or think that the issue sounds too complicated. “Ignoring the problem could leave them open to a serious data breach and ultimately, enforcement action,” the ICO added.
Both the UK and US governments have recognised the threat and issued national alerts in response to the bug, warning that it may compromise organisations responsible for “critical national infrastructure” such as power stations if it’s not dealt with swiftly.
The Independent reports that it doesn’t believe that there have been any confirmed reports of a successful major hack of this nature to date. However, it’s unclear if a comprehensive solution to the issue has yet been found, with security experts believing Apple’s recently released patch for Macs to be “incomplete.”
Stephane Chazelas, the 38-year-old French software developer who discovered the bug, told The Independent that “the list of possible infection vectors could be endless” if a confirmed fix is not developed.