Is AtomBombing the future of code injection?

Software companies everywhere, especially tech giants like Microsoft, are used to releasing patches for vulnerabilities. One very common, and often dangerous, class of vulnerability involves code injection. Through code injection, an attacker can escalate to root privileges, load malicious content, or steal data. What if, however, there were a brand-new way to perform code injection, one that exploits no vulnerability at all? The scary part: because no vulnerability is exploited, there is no vulnerability to patch.

This is what researchers at enSilo stumbled upon and revealed in a recent blog post. Calling it "a code injection that bypasses current security solutions," the researchers nicknamed the technique "AtomBombing." The name comes from the fact that it is, in their words, "the first code injection technique that is based on atom tables." In an AtomBombing attack, the code injection targets a process through the atom table. The attacker can then force the machine, which assumes the code is legitimate, to execute the malicious code and do the attacker's bidding.

Atom tables have existed in Windows operating systems since 2000; this issue simply had not been discovered until now. There is no way to patch it, because AtomBombing takes advantage of how the OS works, using what enSilo calls the "legitimate building blocks of Windows." The open question now is whether future Windows releases can do without atom tables, or whether some mechanism can raise an "alarm" of sorts when AtomBombing is attempted. According to enSilo, the only measure that can be taken at this point is performing a "tech-dive into the API calls and monitor those for malicious activity."

Since the ability to inject code via atom tables has existed for more than 16 years, it really makes me wonder whether this is the future of code injection. Being able to turn legitimate, core operating system functionality into an attack is pretty hair-raising stuff. As security experts, we tend to think in terms of vulnerabilities, things that can be patched with tweaks to the code. Against something like AtomBombing, we are effectively powerless.

What else don't we know how to prevent as InfoSec experts?

Photo credit: National Nuclear Security Administration (Nevada Site Office)

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
