image credit: pxhere
There are several short-term methods that can mitigate the Trojan Source attack that abuses Unicode to inject malicious backdoors in source, according to experts.
The new attack method, identified by University of Cambridge researchers, tricks compilers into reading hidden Unicode characters and generating binaries with extra instructions and backdoors that the developer or security analyst do not know about. Because the special characters are not visible by default, the malicious code is unlikely to be discovered during code review.
Comments are closed.
