There may be far-reaching, long term implications of the Shellshock Bash Bug for IoT. With so many IoT devices running a linux-based kernel and exposing simple web services, it's possible there are already millions of devices out there that need patching in some way - think every Raspberry Pi, every Intel Beagle/Edison board, every Ardunio Yun, and many more. It's the "O" part of GPIO that scares me the most. It may be possible to exploit the bug to influence the physical world all too easily (change the traffic lights, open a flood gate, etc).

This is a great example of why security on IoT does matter, and why these devices cannot simply be "set and forget".