The SIP World Gets Shellshocked. What You Should Know.

shellshockThe internet has changed the way we work, shop, connect, communicate, and entertain ourselves. For most of us, it represents an opportunity to simplify tasks and broaden our world. For a very few, it represents an opportunity to do harm. Usually, these bad actors are stopped by security protections deployed by system administrators, but once in a while, vulnerabilities are uncovered that might let someone with nefarious intent gain access to systems or hardware that they are not authorized to control. Shellshock is the name for a recently uncovered vulnerability of this type.

What is Shellshock?

Shellshock is the name given to a vulnerability in a Linux process called Bash.  Bash is an almost ubiquitous program that is present on just about every Linux-based computer and device in the world.  You may have used it if you’ve used the “command line” on Linux, Mac OS X or Android, all of which run a Bash shell. By exploiting this vulnerability, a perpetrator could run code directly on the attacked system, opening the door to all sorts of mayhem.

What Can I do to Protect Myself?

After the last well-known vulnerability, Heartbleed, was discovered, people were encouraged to change their passwords. Unfortunately, that won’t help against a Shellshock exploit. There actually isn’t much that most people can do in this case. System administrators, operating system and hardware vendors, and hosted services providers will need to apply software patches that address the problem.  Individuals should install any software updates related to web-enabled devices as soon as they are available. Google, Amazon, Apple, and other major vendors have already released updates. Mac hardware is particularly at risk, so users should pay careful attention to updates. Internet routers can also be at risk, so be sure to apply any updates if it isn’t done for you automatically.

How is SIP.US Protecting Clients?

Like many other SIP and VoIP providers, SIP.US does leverage Linux. To protect our clients, we have applied a Bash update to all of our servers.  There is no action needed on the part of our customers, but please do apply any updates you receive from the manufactures of hardware located on your site. We are not aware of any customers being impacted as a result of this vulnerability. Unfortunately, IP based communications systems are a favorite target of attackers, so we must remain vigilant.

We will continue to keep you updated. Rest assured that we are committed to safeguarding the security of your SIP.US solution.

Free SIP Trunk in 60 Seconds

Related Posts

Red Flags to Look for When Evaluating SIP Trunk Providers

March 31, 2017

Most people don’t buy business phone systems very often, so it can be difficult to…

Read More
The Right SIP Solution

How to Find the Right SIP Trunk Solution for Your Business

March 27, 2017

If you are attracted by all of the cost savings and flexibility that SIP trunking…

Read More

Listen Before You Leap – Get a Free SIP Trunk Trial

March 20, 2017

The benefits of SIP trunking for business are significant. Some customers are able to cut…

Read More