Has it finally happened … is everything going to get hacked?
Well the issue is everything can be hacked of course.
What this latest issue is unfortunately taking advantage of the design flaw in a critical piece of IT technology.
Compilers are needed to create software (all software).
So what would happen if all compilers have a possible weakness?
Then in theory all software could be “hackable”.
The next few months is going to be interesting as we are now in the point in the vulnerability timeline where everyone (hacker and software company) knows about a vulnerability and now everyone will feverishly try to create a hack or a patch/upgrade.
More malware and attacks will be coming…
As I have discussed in this original post in 2017 and in my book.
explained by this image:
Keep up on news and patch your systems!!
I read the cyber news fastidiously as one learns things that are happening in the cybersecurity world. From krebsonsecurity.com I saw an interesting story from a couple of days ago.
The above story highlights a unique phenomenon uncovered by Cambridge researchers.
Apparently a ‘feature’ in most compilers out in the world have includes a left-to-right and right-to-left reading of text. called a “Bidi algorithm”
The control characters that allow this switch can cause problems within a program if used in a malicious way.
From the original paper: trojansource.codes
Adversaries can leverage this deception to commit vulnerabilities into code that will not be seen by human reviewers.
This attack pattern is tracked as CVE-2021-42574.
So now that we have identified the problem we are now in the murky world of how will this actually affect all of us?
Well – if all the software developers of compilers and software would update and redo their software that would be great. Yes well that would be in a perfect world. In the real world only some will see the news and start working for a fix. Since they may have to stop whatever they are working on now and start working on this issue. It would be nice if all the software companies would discuss and resolve this issue but we know this will not happen.
In fact we know some are already balking at this. because the hackers have not started hacking yet – and it is not obvious how an attack will come. But the next attack will be ingenius and dangerous. (I will not help this along by critiquing the actual attack angles).