Researchers are working to introduce advanced digital security systems to prevent hackers from getting hold of significant data from major companies and organizations. Recently, researchers showed that almost all computer code is vulnerable to a specific bug that is currently present in all computer code compilers on the market.

“Trojan Source, Invisible Vulnerabilities” detailing how Trojan Source affects compilers, which are software applications that compile and convert human-written code into what is called “machine code”.

When a developer starts developing a software application, the work usually begins with thousands of lines of code written in high-level languages such as C++, Java, or Python. Although these are specialized languages, the code still needs to be converted into binary bits, called machine code, that the computer can understand. This is where compilers come into the picture: they translate the human-written lines of code into the binary language that computer systems understand.

Trojan Source could affect most computer code compilers and several software development environments. It involves Unicode, the digital text encoding standard that enables computer systems to exchange information no matter the language. The bug specifically affects Unicode’s bi-directional or “Bidi” algorithm, which handles text that mixes scripts.

Almost every code compiler has this vulnerability. A hacker can use the loophole to gain access to code compilers and change the original coding of an application during the compilation process.

By embedding malicious code, an attacker using this vulnerability could initiate large-scale supply chain attacks in many industries. So, the vulnerability disclosure was coordinated with various organizations in the market.

Because the Trojan Source vulnerability could be used to launch powerful supply chain attacks, it is essential for organizations that participate in a software supply chain to implement defenses.
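
One defense of the kind described above is to scan source files for Unicode Bidi control characters before code review or build. The following is an added example, not code from the article or the researchers; the function names and the sample input are assumptions constructed for illustration.

```python
# Added example: flag Unicode Bidi control characters in source text.

# The nine bidirectional formatting characters defined by Unicode:
# embeddings, overrides, isolates and their terminators.
BIDI_CONTROLS = {
    "\u202A": "LRE", "\u202B": "RLE", "\u202C": "PDF",
    "\u202D": "LRO", "\u202E": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def scan_source(text):
    """Return (line_no, column, name, codepoint) for every Bidi control found."""
    findings = []
    for line_no, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            name = BIDI_CONTROLS.get(ch)
            if name:
                findings.append((line_no, col, name, f"U+{ord(ch):04X}"))
    return findings


def reveal(line):
    """Replace each Bidi control with a visible tag, so a reviewer sees the
    characters in the order the compiler reads them, not the rendered order."""
    return "".join(
        f"<{BIDI_CONTROLS[ch]}>" if ch in BIDI_CONTROLS else ch for ch in line
    )


# Constructed sample input (hypothetical, not from the article). The controls
# are written as escapes so this file itself contains no raw Bidi characters.
SAMPLE = (
    "total = 0\n"
    "# check \u202Edesrever\u202C done\n"
    "label = 'caf\u00e9'  # ordinary non-ASCII text is not flagged\n"
)

if __name__ == "__main__":
    hits = scan_source(SAMPLE)
    for line_no, col, name, cp in hits:
        print(f"line {line_no}, col {col}: {name} ({cp})")
    print(reveal(SAMPLE.split("\n")[1]))
    # A non-zero exit status lets a CI job or pre-commit hook fail the change.
    raise SystemExit(1 if hits else 0)
```

Ordinary non-ASCII text such as accented letters passes the scan; only the formatting controls that change display order are reported.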