Shellshock Bug's Impact Could Be Huge, But It's Unclear For Now


[Image: Mac OS and Linux operating systems are most at risk for the Shellshock bug. Credit: iStockphoto]

Hundreds of millions of computers and networks are at risk after a bug called Shellshock was found this week. It turns out it's actually been around for a while — it took 22 years to discover this bug. If exploited by hackers, the impact could be huge.

What has security companies so worried is the wide scope of the systems affected and the potential for wreaking havoc on systems connected to the Internet. Shellshock affects websites and computers running operating systems such as Mac OS and Linux. And it's estimated that more than 80 percent of the Internet serves websites on software affected by this bug. Just hours after this security flaw was announced, it was already being exploited. A few things to keep in mind:

How does the bug actually work?

Your computer has a type of program called a shell — which lets you give it commands like, "run my Web browser," "open up this file," etc. If you use a Mac, that shell is likely Bash, which stands for Bourne-Again Shell. The vulnerability or bug discovered this week is in Bash.

Since it is the shell that runs when you give your computer commands, the worry here is that Shellshock could be used to take control of your machine. You can imagine the danger if a malicious hacker were to give it the wrong command, like "delete my files." So the main concern is that computers could be accessed remotely, making users quite vulnerable.

How are Internet companies responding?

Since it could affect most of the Internet, the big companies like Google and Amazon have already rolled out software patches for this. The question is whether smaller sites and programs patch things up quickly or leave themselves — and their users — vulnerable.

What can we individual users do to protect ourselves?

If you're running Windows, you're in the clear, as the vulnerability does not affect Microsoft Windows users. In terms of operating systems, Mac users are more at risk here, though Apple says most OS X users are safe. There's likely going to be an operating system update or patch for anyone running a Mac. So keep up to date with any software updates, and update your computer and mobile devices as those are released.

For the websites you commonly use, the best way you can limit exposure is to have different passwords for different services. And for the Web services you use, find out who's making the software and what the manufacturer says about the Shellshock bug, so you can protect yourself.

But we really won't see the fallout immediately. It's likely to play out over the next few months or years, as the sites and programs that don't patch up the flaws or don't monitor their security closely could stay vulnerable until a hacker takes control.
