A Chip Flaw Strips Away Hacking Protections for Millions of Devices
FOR THE LAST decade or so, hackers have faced a daunting challenge when they try to break into a computer: Even when they get malicious code running on a victim’s machine, they have to figure out where in the computer’s memory that code has ended up. That’s because a security protection used in Windows, Android, and every other modern operating system randomizes where programs run in a device’s memory. It turns the process of digital intrusion into something like an attempt to burglarize a house in total darkness.
But now a team of Dutch researchers has found a technique that undermines that so-called address space layout randomization, creating the You Are Here arrow that hackers need to orient themselves inside a stranger’s computer. That means any of the common memory corruption bugs found in software applications on a daily basis could lead to a much deeper takeover of a target PC or smartphone. And because the attack exploits not software but hardware, it leaves millions of devices at risk regardless of their operating system—and it can’t be fully fixed with any mere software update.
Source | wired