Is AtomBombing the future of code injection?

Software companies everywhere, Microsoft included, are used to releasing patches for vulnerabilities. One very common, and often dangerous, class of attack is code injection: the attacker gets malicious code to run inside another, trusted process, where it inherits that process's privileges and access and looks to the operating system and to security tools like the legitimate program. What if, however, there were a way to perform code injection without exploiting any vulnerability at all? The scary part: if no vulnerability is exploited, there is no vulnerability to patch.

This is what researchers at enSilo described in a recent blog. Calling it "a code injection that bypasses current security solutions," the researchers have nicknamed the technique "AtomBombing," because it is, in their words, "the first code injection technique that is based on atom tables." An atom table is a system-wide table in which Windows stores strings and hands back a small integer (an atom) that any process can use to look the string up again. In an AtomBombing attack, the attacker writes the malicious code into the global atom table as if it were an ordinary string, then makes a legitimate target process fetch that string into its own memory and execute it. Because the target process performs the copy itself, using documented Windows APIs, the machine treats the code as legitimate and does the attacker's bidding.

Atom tables have been part of Windows for decades, since long before Windows 2000, so this is not a new feature; the technique simply had not been described until now. There is no straightforward fix, because AtomBombing takes advantage of what enSilo calls the "legitimate building blocks of Windows," used exactly as designed. The question now is whether a future Windows can exist without atom tables, or whether a mechanism can be added that sets off an "alarm" of sorts when AtomBombing is attempted. According to enSilo, the only measure that can be taken at this point is to "tech-dive into the API calls and monitor those for malicious activity."
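The "monitor the API calls" advice above is the only defensive handle this technique leaves, so here is an added example of what such monitoring could look like. It is not enSilo's code or a Microsoft tool. The trace format (one API call per line, tab-separated process ID, API name and `key=value` arguments) and the sample lines are constructed for the example, and the pairing heuristic, a binary-looking atom name followed by the same process queueing an asynchronous procedure call into a different process, is an assumption about what to look for, not a published detection rule:

```python
"""Toy detector for AtomBombing-style API sequences.

Added example, not enSilo's code. Input is a constructed API-call trace:
one call per line, tab-separated:  <pid> TAB <api> TAB key=value ...
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumption: an atom name where at least 30% of bytes are non-printable is
# treated as raw code rather than the readable identifier atoms are meant for.
NONPRINTABLE_RATIO_THRESHOLD = 0.3

# Constructed sample trace (not captured from a real system).
# pid 4242 is a benign app registering a window-class name.
# pid 1337 stores 20 bytes of opaque machine code in the global atom table
# and then queues an APC into a thread of another process (pid 900), which
# would let that process copy the atom into its own memory.
SAMPLE_TRACE = """\
4242\tGlobalAddAtomA\tname_hex=4d7941707057696e646f77436c617373
4242\tGlobalGetAtomNameA\tatom=0xC04A\tdst=0x00A3F000\tsize=256
1337\tGlobalAddAtomA\tname_hex=fc4883e4f0e8c8019090415141505251564831d2
1337\tNtQueueApcThread\ttarget_pid=900\ttid=1204\troutine=GlobalGetAtomNameA
900\tGlobalGetAtomNameA\tatom=0xC04B\tdst=0x7FFE0000\tsize=255
"""


@dataclass
class Finding:
    pid: int
    rule: str
    detail: str


def parse_line(line: str) -> tuple[int, str, dict[str, str]]:
    """Split one trace line into (pid, api name, argument dict)."""
    fields = line.split("\t")
    pid, api = int(fields[0]), fields[1]
    args = dict(field.split("=", 1) for field in fields[2:])
    return pid, api, args


def looks_like_code(blob: bytes) -> bool:
    """Heuristic: atom names should be readable text, so a name dominated by
    non-printable bytes is more likely machine code parked in the table."""
    if not blob:
        return False
    nonprintable = sum(1 for b in blob if not 0x20 <= b < 0x7F)
    return nonprintable / len(blob) >= NONPRINTABLE_RATIO_THRESHOLD


def detect(trace: str) -> list[Finding]:
    """Walk the trace in order and report suspicious atom-table usage."""
    findings: list[Finding] = []
    suspicious_atoms: dict[int, str] = {}  # pid -> hex of the binary atom it added

    for raw in trace.splitlines():
        if not raw.strip():
            continue
        pid, api, args = parse_line(raw)

        # Rule 1: a process registers an atom whose "name" looks like code.
        if api.startswith("GlobalAddAtom"):
            blob = bytes.fromhex(args.get("name_hex", ""))
            if looks_like_code(blob):
                suspicious_atoms[pid] = args["name_hex"]
                findings.append(Finding(
                    pid, "binary_atom_name",
                    f"{len(blob)} bytes, mostly non-printable"))

        # Rule 2: the same process then pushes work into a *different*
        # process via an APC, the step that makes the target read the atom.
        elif api == "NtQueueApcThread":
            target = int(args.get("target_pid", pid))
            if target != pid and pid in suspicious_atoms:
                findings.append(Finding(
                    pid, "cross_process_apc_after_binary_atom",
                    f"APC into pid {target} calling {args.get('routine', '?')}"))

    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_TRACE):
        print(f"pid {finding.pid}: {finding.rule} ({finding.detail})")
```

Run against the sample trace, only process 1337 is flagged, once for the binary atom and once for the cross-process APC that follows it; the benign registration by 4242 and the ordinary lookup by 900 pass silently. The order matters: the APC rule fires only after the same process has already written a suspicious atom, which is what keeps a lone `NtQueueApcThread` (legitimately used by debuggers and injectors alike) from generating noise on its own.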

Since the ability to store arbitrary data in atom tables has been there for so long without anyone weaponizing it, it really makes me wonder whether this is the future of code injection. Using legitimate operating system facilities, exactly as they were designed, to carry out an attack is pretty hair-raising stuff. As security experts, we tend to think in terms of vulnerabilities, things that can be patched with tweaks in the code. With something like AtomBombing, patching is not an option, and defense falls back to watching how legitimate APIs are being used.

What else don't we know how to prevent as InfoSec experts?


Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist committed to creating a society that is informed about information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
