When you’re programming something like an app, developers write it in something called high-level language, which includes languages like Python, Ruby, Java and C++. Computers though can’t read these languages; instead, they often read data via the binary digits in machine language. In order for computers to read our codes then, a compiler is used to act as a translator from high-level code to machine code and vice versa,
However, it appears as though these compilers are actually pretty easy to hijack. According to a new research paper by PhD student Nicholas Boucher and Professor Ross Anderson of the University of Cambridge, they have found a new type of cybersecurity attack. As it turns out, most compilers out there have a bug in it that, once exploited can be taken over by any bad actors. These hackers can then replace the code being fed into the compiler with their own, overriding the original code.
Boucher and Anderson explain that it works by exploiting the subtleties in the text-encoding standards like Unicode, and produce source code with tokens logically encoded in a different order in which they were presented. They call this type of hack the ‘Trojan Source’ attack, and it currently poses a threat to both first party software and supply-chain compromise throughout the industry.
The Cambridge researchers do provide some form of solution though, with the simplest defense against Trojan Source being the banning of the use of text directionality control characters in the language specifications and in the compilers implementing the language.
So far, they’ve contacted a number of companies to share their findings and get them to patch the issues, but not all have carried out patched out the loop hole just yet. They conclude by stating:
“…It is prudent to deploy other controls in the meantime where this is quick and cheap, or relevant and needful. We recommend that governments and firms that rely on critical software should identify their their suppliers’ posture, exert pressure on them to implement adequate defences, and ensure that any gaps are covered by controls elsewhere in their toolchain.
The fact that the Trojan Source vulnerability affects almost all computer languages makes it a rare opportunity for a system-wide and ecologically valid cross-platform and crossvendor comparison of responses.” – Nicholas Boucher and Ross Anderson
If, and only if, you’re interested in learning more about the Trojan Source exploit to perhaps patch your own software or maybe look at ways of solving it, you can check out the Trojan Source website or click here for the complete research paper.
[ SOURCE ]
Google has announced new verification requirements for advertisers promoting financial products and services to users…
Malaysia’s electric vehicle (EV) market continued to grow in February 2026 even as overall vehicle…
The order books for MGS5 EV CKD are now open after MG Motor Malaysia officially…
JomCharge x DBKL continue to deploy more street-level EV chargers and the latest location is…
Proton is set to launch the refreshed version of its D-segment SUV, the X90, on…
Not too long after launching the flagship Xiaomi 17 series, Xiaomi Malaysia is launching new…
This website uses cookies.