Swedish software development and security experts from Umeå University (UMU) analyzed applications created in Java. They discovered serious vulnerabilities in the methods of obtaining and reconstructing information using this language. The research was published on the official website of the scientific institution.
According to publicly available data, Java is used by more than 30% of developers worldwide, who create everything from video games to Spotify and Netflix apps, space probes, and software for banking and government agencies.
Researchers examined Java products that use deserialization, which is the process of restoring a data structure from its encoded state. Deserialization is commonly used to activate user settings, game functions, shopping carts in online stores, online bank transfers, etc.
Scientists concluded that during deserialization in Java, attackers can gain full control over the receiving system due to small and very common errors in the code.
By exploiting such errors, hackers managed to break into the San Francisco Department of Transportation’s network and jam payment terminals, as well as steal more than 147 million files containing personal data from Equifax, the largest US credit reporting agency.
According to experts, there is no easy way to fix these vulnerabilities since most Java applications rely on external data libraries. The only effective security method is to avoid the use of deserialization when developing in Java.
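As an added illustration of that advice (not code from the UMU study or from this article), the sketch below sets the risky pattern beside a replacement that parses plain data into types the receiver chose itself. The class and method names, the `SKU=quantity` line format and the size limits are assumptions made for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.*;

public class CartCodec {
    // Limits and line format are assumptions made for this example.
    static final int MAX_BYTES = 4096, MAX_ITEMS = 100;
    static final Pattern LINE = Pattern.compile("([A-Z0-9-]{1,32})=([1-9][0-9]{0,2})");

    // Risky pattern: readObject() builds whichever Serializable class the
    // sender names in the stream, and that happens before the cast below.
    @SuppressWarnings("unchecked")
    static Map<String, Integer> riskyDecode(byte[] untrusted)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return (Map<String, Integer>) in.readObject();
        }
    }

    // Replacement: the receiver parses plain data into types it chose itself.
    static Map<String, Integer> safeDecode(byte[] untrusted) {
        if (untrusted.length > MAX_BYTES) throw new IllegalArgumentException("input too large");
        Map<String, Integer> cart = new LinkedHashMap<>();
        for (String line : new String(untrusted, StandardCharsets.UTF_8).split("\n")) {
            if (line.isEmpty()) continue;
            Matcher m = LINE.matcher(line);
            if (!m.matches()) throw new IllegalArgumentException("malformed line");
            if (cart.size() >= MAX_ITEMS) throw new IllegalArgumentException("too many items");
            if (cart.putIfAbsent(m.group(1), Integer.parseInt(m.group(2))) != null)
                throw new IllegalArgumentException("duplicate SKU");
        }
        return cart;
    }
    public static void main(String[] args) {
        byte[] cart = "SKU-1001=2\nSKU-2040=1\n".getBytes(StandardCharsets.UTF_8); // constructed
        System.out.println(safeDecode(cart));
        byte[] javaStream = {(byte) 0xAC, (byte) 0xED, 0x00, 0x05, 0x73}; // serialization header
        try {
            safeDecode(javaStream);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The second input starts with the Java serialization stream header; the parser rejects it as a malformed line because nothing in `safeDecode` ever instantiates a class named by the sender.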
Earlier, it became known about a series of critical vulnerabilities affecting hundreds of Android and iOS smartphones.
Source: Gazeta

Jackson Ruhl is a tech and sci-fi expert, who writes for “Social Bites”. He brings his readers the latest news and developments from the world of technology and science fiction.