A New Trojan Source Can Take Over Almost Any Code Compiler
Companies and cyber security researchers are constantly striving to implement advanced security systems. That prevents hackers from gaining access to sensitive data in large organizations and companies. Researchers at the University of Cambridge have discovered. That nearly all computer code is susceptible to a bug currently found in all current Trojan Source code compilers.
Security researchers from England published a study entitled “Trojan Source – Invisible Vulnerabilities“. Researchers detail in the 15-page document how the Source Trojan affects code compilers. Software programs that convert human-written codes into “machine code”.
If you don’t know this, developers often start with thousands upon thousands of lines in code written in high-level languages like C++, Java, or Python when they begin to develop a software program. These languages are highly specialized, but the code must still be converted into machine code so that it can be understood by the computer. Compilers are capable of translating human-written code into a binary language computer systems can understand.
The vulnerability is discover in code compilers as well as several software development environments. It is related to the Unicode digital text encryption standard, which allows computer systems to exchange information regardless of language. Brian Krebs, the cybersecurity journalist, explains that the bug affects Unicode’s bidirectional or “Bidi” algorithm which handles mixed script text.
The study found that almost all code compilers have this vulnerability. This flaw can be use by an attacker to gain access to code compilers and modify original encoding during compilation. This would mean that even the original developer wouldn’t be aware of incorrect coding. Which could enable the hacker to gain access to computer networks.
Let’s Be Careful!
According to the Krebs report, this vulnerability could lead to large-scale supply chain attacks in many industries. According to Krebs, this vulnerability is disclosed in coordination with several market organizations. Krebs’s report, some companies have pledged patches to fix the vulnerability while others have “dragged their feet”.
“The Trojan Source vulnerability is affecting almost all computer languages, making it an excellent opportunity to compare the system-wide and environmentally sound responses between vendors and platforms. These techniques can launch powerful supply chain attacks, so it is crucial that all organizations involved in software supply chains have defenses,” warned researchers.