New research finds literally all computers vulnerable to new ‘Trojan Source’ exploit

When you’re programming something like an app, developers write it in something called high-level language, which includes languages like Python, Ruby, Java and C++. Computers though can’t read these languages; instead, they often read data via the binary digits in machine language. In order for computers to read our codes then, a compiler is used to act as a translator from high-level code to machine code and vice versa,

However, it appears as though these compilers are actually pretty easy to hijack. According to a new research paper by PhD student Nicholas Boucher and Professor Ross Anderson of the University of Cambridge, they have found a new type of cybersecurity attack. As it turns out, most compilers out there have a bug in it that, once exploited can be taken over by any bad actors. These hackers can then replace the code being fed into the compiler with their own, overriding the original code.

Nicholas Boucher

Boucher and Anderson explain that it works by exploiting the subtleties in the text-encoding standards like Unicode, and produce source code with tokens logically encoded in a different order in which they were presented. They call this type of hack the ‘Trojan Source’ attack, and it currently poses a threat to both first party software and supply-chain compromise throughout the industry.

The Cambridge researchers do provide some form of solution though, with the simplest defense against Trojan Source being the banning of the use of text directionality control characters in the language specifications and in the compilers implementing the language.

So far, they’ve contacted a number of companies to share their findings and get them to patch the issues, but not all have carried out patched out the loop hole just yet. They conclude by stating:

“…It is prudent to deploy other controls in the meantime where this is quick and cheap, or relevant and needful. We recommend that governments and firms that rely on critical software should identify their their suppliers’ posture, exert pressure on them to implement adequate defences, and ensure that any gaps are covered by controls elsewhere in their toolchain.

The fact that the Trojan Source vulnerability affects almost all computer languages makes it a rare opportunity for a system-wide and ecologically valid cross-platform and crossvendor comparison of responses.” – Nicholas Boucher and Ross Anderson

If, and only if, you’re interested in learning more about the Trojan Source exploit to perhaps patch your own software or maybe look at ways of solving it, you can check out the Trojan Source website or click here for the complete research paper.

[ SOURCE ]

Recent Posts

Malaysia Airlines’ new A330neo grounded temporarily due to production issues

Malaysia Airlines has temporarily grounded its brand new Airbus A330neo after completing four commercial flights.…

6 hours ago

Proton e.MAS 7: Here’s how much it cost to maintain this EV

Pro-Net recently revealed that you only need to service the new Proton e.MAS 7 EV…

2 days ago

Proton e.MAS 7: How much does it cost to replace the tyres?

The Proton e.MAS 7 is one of the most value for money SUVs at the…

2 days ago

Samsung to launch its new AI-powered home appliances with improved ecosystem integration at CES 2025

Samsung has announced that it will be holding its press conference titled "AI for All:…

2 days ago

SoyaCincau Awards 2024: The Best Phones of the Year

Modern smartphones are very capable computing devices, thanks to powerful hardware trickling down the price…

2 days ago

CelcomDigi offers 5G Home WiFi at RM69/month for Postpaid customers

If you're a CelcomDigi Postpaid 5G customer and can't get fibre broadband for your home,…

2 days ago

This website uses cookies.