New Trojan Source Method Lets Attackers Hide Vulns in Source Code

Published: 23/11/2024   Category: security




Researchers discover a new technique attackers could use to encode vulnerabilities into software while evading detection.



Security researchers have discovered a new technique to inject malware into source code while remaining invisible to human reviewers.
The Cambridge University researchers who shared the Trojan Source method say the attack exploits subtleties in text-encoding standards such as Unicode to produce source code whose tokens are logically encoded in a different order from the one in which they are displayed, leading to vulnerabilities that cannot be perceived directly by human code reviewers.
The technique, discovered by Nicholas Boucher and Ross Anderson, manipulates the encoding of source code files so that compilers and human viewers see different logic; Anderson explained it in a blog post.
One attack, tracked as CVE-2021-42574, uses Unicode directionality override characters to show code as an anagram of its true logic. This attack works against C, C++, C#, JavaScript, Java, Rust, Go, and Python; the researchers believe it will work against most other modern languages as well. A related attack using visually similar characters is tracked as CVE-2021-42694.
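A defensive check for the directionality-override technique (CVE-2021-42574), added here as an example and not taken from the researchers or this article: it reports every Unicode bidirectional control character in source text and flags lines where one is left unterminated. The function name, the sample text and the simplified per-line pairing rule are assumptions of this example.

```python
import unicodedata

# Bidi controls that open an embedding, override or isolate.
OPENERS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}
# PDF (U+202C) closes embeddings/overrides; PDI (U+2069) closes isolates.
CLOSERS = {
    "\u202c": {"\u202a", "\u202b", "\u202d", "\u202e"},
    "\u2069": {"\u2066", "\u2067", "\u2068"},
}

# Constructed sample input, written with escapes so this file itself
# contains no raw bidi characters.
SAMPLE = (
    "access = 'user'\n"
    "# note \u202e unterminated override\n"
    "label = '\u2067abc\u2069'\n"
)


def scan_bidi(source):
    """Return (line_no, [(col, unicode_name), ...], unterminated) per hit line.

    Simplified pairing rule (assumption): a closer only pops a matching
    opener at the top of the stack, and every line is checked on its own.
    """
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        hits, stack = [], []
        for col, ch in enumerate(line, start=1):
            if ch in OPENERS:
                hits.append((col, unicodedata.name(ch)))
                stack.append(ch)
            elif ch in CLOSERS:
                hits.append((col, unicodedata.name(ch)))
                if stack and stack[-1] in CLOSERS[ch]:
                    stack.pop()
        if hits:
            # A non-empty stack means the control still affects the
            # rendering of everything up to the end of the line.
            findings.append((line_no, hits, bool(stack)))
    return findings


if __name__ == "__main__":
    for line_no, hits, unterminated in scan_bidi(SAMPLE):
        status = "UNTERMINATED" if unterminated else "balanced"
        print(f"line {line_no}: {status}: {hits}")
```

Run over a repository in CI or a pre-commit hook, any finding is worth a manual look, since bidi controls are rarely needed outside right-to-left string literals and comments.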
The team made responsible disclosure to all companies and organizations whose products they found to have vulnerabilities.
Read more details here.
