Newly discovered "Trojan Source" flaw could allow hacking of any software
A new study shows that all computer code in the world is subject to a form of exploitation that could, at worst, lead to large-scale supply chain attacks.
The flaw in question was found by researchers at the University of Cambridge in the UK, who have begun calling it “Trojan Source.” It affects what are known as code compilers, key components of software that make human-written source code run on machines.
When software is made, programmers write it in a language that humans can read, called “high-level” code. This includes languages like Java, C++, and Python. However, for a program's instructions to actually be executed by a computer, the code has to be translated from its human-readable form into a machine-readable form consisting entirely of binary bits, so-called “machine code.” This is where compilers come in. They act as intermediaries between humans and machines, translating one language into the other.
Unfortunately, as the new study shows, compilers can be attacked very easily. The researchers found that almost all compilers have a bug that, when properly exploited, lets them be invisibly hijacked for malicious purposes. With the exploit, a malicious actor could hypothetically override a program's instructions and feed machines different code than was originally intended.
As such, “Trojan Source” could hypothetically be used to trigger large-scale supply chain attacks. Such attacks, like the recent one against SolarWinds, involve the quiet implementation of malicious programming in software products as a vector to compromise the systems and networks of specific targets. In theory, hackers could use this exploit to plant vulnerabilities in entire software ecosystems, allowing them to be used for further, more targeted attacks. Thus, the vulnerability represents an “immediate threat,” the researchers write, and “may threaten to compromise the supply chain throughout the industry.”
The paper recommends implementing several new protections specifically aimed at securing such compilers, so that this big new problem can be avoided. Cybersecurity reporter Brian Krebs reported that, as a result of the study, some companies have already promised to provide “Trojan Source”-related patches. However, others are said to be “dragging their feet.”
“The fact that the Trojan Source vulnerability affects almost all computer languages provides a unique opportunity to compare eco-friendly and computer-wide cross-platform and vendor-based responses,” the paper states. “Because powerful attacks can be easily resisted, companies involved in the software distribution chain need to use these techniques to enforce security.”
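
The article does not spell out the mechanism: the published Trojan Source research relies on Unicode bidirectional (bidi) control characters, which make source code display in a different order than the compiler reads it. The scanner below is an added example of one such protection, not code from the researchers or from this article; the function name `scan_source` and the sample input are constructed for illustration.

```python
# Added example: flag Unicode bidirectional control characters in source text.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u202c": "PDF", "\u2069": "PDI",
}
# Which terminator closes each opening control (simplified pairing).
CLOSER_FOR = {"LRE": "PDF", "RLE": "PDF", "LRO": "PDF", "RLO": "PDF",
              "LRI": "PDI", "RLI": "PDI", "FSI": "PDI"}


def scan_source(text):
    """Return (line, column, control, unterminated) for each bidi control.

    unterminated is True when an opening control is still open at the end
    of its line, so its effect runs on to the end of that line.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        open_spans = []  # (index into findings, expected closer)
        for col, ch in enumerate(line, start=1):
            name = BIDI_CONTROLS.get(ch)
            if name is None:
                continue
            findings.append([line_no, col, name, False])
            if name in CLOSER_FOR:
                open_spans.append((len(findings) - 1, CLOSER_FOR[name]))
            elif open_spans and open_spans[-1][1] == name:
                open_spans.pop()
        for index, _ in open_spans:
            findings[index][3] = True
    return [tuple(f) for f in findings]


# Constructed sample input; escapes keep this file itself free of bidi controls.
SAMPLE = (
    "level = 'user'\n"
    "# note \u202e reversed text\n"
    "label = '\u2066abc\u2069'\n"
)

if __name__ == "__main__":
    for line_no, col, name, unterminated in scan_source(SAMPLE):
        state = "unterminated" if unterminated else "closed or closer"
        print(f"line {line_no}, col {col}: {name} ({state})")
```

Run over every file in a commit, any finding is worth a manual look unless the file is expected to contain right-to-left text, and unterminated controls deserve the closest review.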