Another day, another threat to your online security, this one coming in the form of a bug named “Shellshock” by Security Researchers.
Naturally, we want to give our users a comprehensive sense of this new threat and provide some information and assurances about our software. So please read on to learn more about Shellshock and why FlashRouters are as safe as ever.
What Is the Shellshock Bug?
Expectedly, the explanation for the bug is dry and technical, so we’ll direct you to this invaluable Engadget article for a more specific answer and give you the important details:
Shellshock, presumably so named because it affects shells, is a bug that, well, affects shells. Shells are software that helps your computers and assorted devices interpret text so that you can understand the text and actually use the device the software is on.
And here’s where the dangerous part comes in: if an attacker requests any information from your router, security camera, or smart device that is using a BASH (Bourne Again SHell) shell, then the attacker can then add malware, allowing them to access sensitive files, activate your devices, use them, delete things, basically anything you can do on your own, and certainly things you wouldn’t want a stranger doing.
So yes, the Shellshock bug is a bit scary, so of course we take it very seriously.
Are FlashRouters Affected By the Shellshock Bug?
Short answer: No.
Okay, maybe you deserve a little more: according to our in-house testing and multiple DD-WRT & TomatoUSB community reports, we have found that the Shellshock vulnerability will not work on a DD-WRT or TomatoUSB installed router.
As we mentioned above, the vulnerability is based on the Bourne Again Shell (or BASH), but DD-WRT & Tomato firmware use BusyBox which is confirmed to not have this issue.
That said, if you’re using Optware on your DD-WRT router, it is recommended you turn that feature off, as that implementation is BASH based. Other than that, take comfort, FlashRouters users: as ever, our devices stand up to the test where others fail.