Bash bug flung against NAS boxes

Hackers are attempting to exploit the BASH remote code injection vulnerability against Network Attached Storage (NAS) systems.

Miscreants are actively exploiting the time-to-patch window in targeting embedded devices, security firm FireEye warns.

We have evidence that attackers are actively exploiting the time-to-patch window and targeting embedded devices, specifically those made by QNAP, in order to append their SSH key to the authorized_keys file and install an ELF backdoor.

The sheer number of devices which run an embedded Linux OS mean that the potential for wide scale compromise of network-connected personal and business data storage systems is very high. Many smart or connected devices utilise similar set-ups as NAS boxes and may be just as vulnerable.

FireEye reckons the ongoing attack represents one of the first in the wild Shellshock attack against Internet of Things devices.

Target of the NAS box Shellshock attach are primarily located in Japan and Korea with one additional target observed in the US. Two of their malware host servers are located in Korea and the US, but there's few other clues about the identity of the attackers, whose motives also remain unclear. ®