You’ve heard of the Trojan Horse before, but have you ever heard of the Trojan Source? While we have covered the former in the past, the latter is the new (yet dangerous) kid on the block that has been taking the cybersecurity community by storm.
The “Trojan Source” made its official debut via a study conducted by researchers from the University of Cambridge, in which they expressed the immense danger that it poses to the tech world.
While keeping things simple, the Trojan Source is a bug that affects computer code compilers and a whole host of software development environments. The way it does so is through a deceptive exploit, which essentially makes any rendered source code look perfectly acceptable to any human code reviewer.
In other words, this is a vulnerability that makes potentially malicious code look safe.
This particular bug is an enormous issue primarily because it is such a hidden threat. Matthew Green, an associate professor at the Johns Hopkins University, stated that, based on the Cambridge study, the bug has the capacity to cheat most compilers into processing code in a different way than a human reviewer would imagine it to be processed.
On top of that, Green also noted there are currently no defense mechanisms put in place for it, and this kind of bad publicity could mean that online malefactors will try to seize this opportunity to cause some trouble.
Yes, there is! While it is true that no defenses have been established yet, there was also a widespread vulnerability scan that was unable to find evidence that anyone had used this exploit. In addition to that, it is guaranteed that software suppliers will be working on a patch to rid of this vulnerability within the coming days.
If you’re wondering how to be safe in the meantime – fear not, there is a short-term solution! If you find yourself copying and pasting code, you can open up the code within a hex editor to ensure that it is safe!