![Filehippo - Software that matters](https://news.filehippo.com/wp-content/uploads/2020/03/header-strapline.png")
A Dutch team discover a new hacking method but are the big tech companies listening?
There’s chilling news coming from a Dutch team of security researchers who discovered a brand-new method of cyberattack. Typical hacking attempts require installing malicious code on a computer then trying to find where that code is located within the system’s memory. As difficult as that is to pull off, it still leads to quite a high number of cybercrimes each year.
But the techxperts have now found a new method that relies on the way the computer’s processor categorizes files in its memory. According to a breakdown of the discovery by Andy Greenberg for WIRED, “The attack exploits the way microprocessors and memory interact: Processors have a component called a memory management unit that maps where a computer stores programs in its memory. To keep track of those addresses, the MMU constantly checks a directory called a page table.”
It’s this directory that hackers can exploit, tracking their code directly to its location by following the MMU’s progress. Since its stored in the processor’s cache and since Javascript can actually write to this cache, even the mere visiting of a website can infect your computer now. You no longer have to click a link and work to install the virus, it’s sitting in wait for the next person to happen along.
So Is It Really A Threat?
The team who discovered this method has taken pains to let the right people in on it, but so far, the response from major tech companies has been sluggish. Microsoft and Intel reportedly told WIRED there is no threat from this kind of attack, and while not the answer security experts were looking for, at least it was an answer. Other companies didn’t even bother responding with a comment. Apple has reportedly crafted an update to tighten things up in the Safari browser, but they didn’t specifically address this form of attack.
The worst possible news is that the only way to fully protect from it will be to strip the hardware, not issue a software update. As long as MMUs work this way, any update will just be a small hurdle for hackers to jump.