New research finds literally all computers vulnerable to new ‘Trojan Source’ exploit

When you’re programming something like an app, developers write it in something called high-level language, which includes languages like Python, Ruby, Java and C++. Computers though can’t read these languages; instead, they often read data via the binary digits in machine language. In order for computers to read our codes then, a compiler is used to act as a translator from high-level code to machine code and vice versa,

However, it appears as though these compilers are actually pretty easy to hijack. According to a new research paper by PhD student Nicholas Boucher and Professor Ross Anderson of the University of Cambridge, they have found a new type of cybersecurity attack. As it turns out, most compilers out there have a bug in it that, once exploited can be taken over by any bad actors. These hackers can then replace the code being fed into the compiler with their own, overriding the original code.

Nicholas Boucher

Boucher and Anderson explain that it works by exploiting the subtleties in the text-encoding standards like Unicode, and produce source code with tokens logically encoded in a different order in which they were presented. They call this type of hack the ‘Trojan Source’ attack, and it currently poses a threat to both first party software and supply-chain compromise throughout the industry.

The Cambridge researchers do provide some form of solution though, with the simplest defense against Trojan Source being the banning of the use of text directionality control characters in the language specifications and in the compilers implementing the language.

So far, they’ve contacted a number of companies to share their findings and get them to patch the issues, but not all have carried out patched out the loop hole just yet. They conclude by stating:

“…It is prudent to deploy other controls in the meantime where this is quick and cheap, or relevant and needful. We recommend that governments and firms that rely on critical software should identify their their suppliers’ posture, exert pressure on them to implement adequate defences, and ensure that any gaps are covered by controls elsewhere in their toolchain.

The fact that the Trojan Source vulnerability affects almost all computer languages makes it a rare opportunity for a system-wide and ecologically valid cross-platform and crossvendor comparison of responses.” – Nicholas Boucher and Ross Anderson

If, and only if, you’re interested in learning more about the Trojan Source exploit to perhaps patch your own software or maybe look at ways of solving it, you can check out the Trojan Source website or click here for the complete research paper.

[ SOURCE ]

Recent Posts

Jaecoo J5 EV: First look at the potential Proton e.MAS and BYD challenger

Jaecoo J5 EV has made its first official appearance in Malaysia, allowing the public to…

7 hours ago

DC Handal turns on EV Chargers at Zenith Hotel Cameron

If you're heading to Cameron Highlands with an EV, there are now more EV charge…

12 hours ago

ChargEV turns on 6 EV Charge Points at Aeon Mall Ipoh Station 18

ChargEV continues to deploy more EV chargers at Aeon Mall premises. Shortly after turning on…

21 hours ago

Malaysia EV registrations nearly double in June 2026, Proton e.MAS 5 leads again

Malaysia's electric vehicle (EV) market continue to show strong momentum in June 2026, with 6,215…

1 day ago

Mercedes-AMG CLA 45 goes electric with 671hp and AMG four-cylinder sound

Mercedes-AMG has unveiled the new CLA 45 4MATIC+, and for the first time, it is…

1 day ago

Tesla Model Y Long Range AWD discontinued from Malaysia lineup, inventory units still available

Tesla Malaysia has removed the Model Y Long Range AWD from its online configurator, leaving…

2 days ago

This website uses cookies.