We use our operating systems everyday without much thought about the coding that goes into making our computers, tablets and other devices give us the instant connection we crave. It takes a lot to run all that data and content we consume and we take for granted the systems in place that make it possible. We also rarely take into concern any potential threat from the programming inside.
Well, bad news may be coming for users of Linux operating systems as Google's security team has published this week about a vulnerability in coding that could allow for some devastating effects. The potential for hackers to use the break in the glibc coding to control devices from remote via the internet could leave thousands of devices prey to malicious intentions. The Google Online Security blog does a great job of breaking down the problem and luckily, after teaming up with a couple of engineers from Red Hat, they have a solution to offer consumers and manufacturers.
The difficult part in describing a vulnerability like this is that experts aren't quite sure how much damage is or has already been done.
According to the BBC report, this bug has been around since 2008 and glibc maintainers were aware of the problem. The difficult part in describing a vulnerability like this is that experts aren't quite sure how much damage is or has already been done. Now that engineers have pointed out the weakness and the potential exploits, it's a race to protect devices and to see which ones may have already been affected. Google's team has encouraged manufacturers to test their systems with proof-of-concept attack that they've created to help identify affected systems. The patch to help protect glibc users is available here via the Google Online Security Blog.
The glibc package contains the two most important standard C and math libraries that are required for the Linux system to function. Versions of glibc since 2.9 seem to be affected but the good news is that major operating systems like Windows, OS X and Google Android are not susceptible. However, glibc users should be thinking about their smaller devices, such as routers. Ars Technica also reports that Bitcoin software is at risk.
Thinking about all the fun we could have with the Internet of Things is great, until we realize how vulnerable our systems can be with the fundamental coding that's integral to how our devices function, especially over the Internet. Sure, we think about our identity being compromised, but the common user probably doesn't think twice about the protection of their device's operating system or the potential threat that could lie within. Check your operating system ASAP if you're running Linux and glibc!