Bug likely to affect devices across the globe
A new bug has been detected in devices, causing security problems to computers across the globe. Much caution has been advised by the experts, who have warned computer users about the potential of the bug that seems to be affecting hundreds of thousands of devices and services.
As per reports from the University of Surrey, Professor Alan Woodward said that “Many people are running around right now trying to work out if this is truly catastrophic or whether we have dodged a bullet.”
Google engineers are working with security engineers at Red Hat, to find a solution for this bug and have released a patch to fix the problem.
The manufacturers and the community behind the Linux operating system will issue the patch that has affected the software and devices as soon as possible.
Google’s team has detailed on how a flaw in some commonly-used code could be exploited in a way that allows remote access to devices – be it a computer, internet router, or other connected piece of equipment.
As per studies, the code can also be within many of the programming languages such as PHP and Python. These are systems that are used to logging in to sites or accessing emails.
“But it’s true there’s a very real prospect that a sizable portion of internet-facing services are at risk for hackers to crash, or worse, run remote code to attack others,” said Washington D.C-based security researcher Kenneth White.
The bug is found in glibc – a open-source library of code that is widely used in internet-connected devices.
Experts said that the particular function of the bug is to convert a typical web domain, say abc.com and find the corresponding IP address. This enables access to whatever website or service is needed by the user.
The domain look-up code in glibc contains a bug that could allow hackers to maliciously implant code within a device’s memory. From here, attacks such as remote execution – controlling the device over the internet – could take place.
The scale of the problem is difficult to determine because it is unclear how many devices and systems make use of the glibc code.
For instance, Google Android devices use a substitute library which is not vulnerable to this particular attack.
But hundreds of thousands of others could be, and so manufacturers are being urged to test their systems using a proof-of-concept attack developed and released on Tuesday by Google’s team.
Major systems like Windows or OS X are unaffected – but consumers need to be more concerned about smaller connected devices.