Popular software program poses a severe security risk for connected devices
Attackers have found simple ways to exploit the flaws in a software system that some of the biggest tech companies use.
The flaw, also known as a vulnerability, is considered a 10/10 risk because of the potential impact it can have.
A flaw in the software, Log4j can give hackers easy access to computer networks, personal data, and financial information.
"The first level of vulnerability may not impact you as an individual. It could impact services that you use," Randy Rose said, Senior Director of Cyber Intelligence at the Center for Internet Security.
Log4j is part of the programming language, Java. Companies including Apple, Amazon, Twitter and Microsoft all use it.
With any vulnerability, Rose said hackers find ways to pivot or move into different parts of the network, and access different forms of data.
"You’re trusting the logging capability to follow the rules that are described by the software, but an attacker can manipulate those rules," he said. "Use those rules a little bit differently than intended and send your records to somewhere that it’s not supposed to be."
While the average person probably won’t see much of an impact, there are a number of consumer-based products that likely use Java-based logins. Smart TVs, smart devices, even printers, things like that could be impacted by this," Rose said.
The most at-risk are the smaller businesses.
"Especially if you think of small mom-and-pop businesses, local government, any of the kind of small resource-strapped organizations that don’t have a lot of control," Rose said.
There is something you can do to keep the risk down: do the scheduled updates on your devices.
"That really is the only fix for this. Updating to the latest version of Log4j to ensure that you’re not impacted by the vulnerability," Rose said.
Just because you are vulnerable, does not mean you will be attacked. The Center for Internet Security and Cybersecurity & Infrastructure Security Agency are also still learning how this hack works and the impact it has.
MORE INFORMATION: Log4j Zero-Day Vulnerability Response