Hackers use String of Emojis to hack you.๐
Hello Folks, Today i have some interesting for you. You can hack anyone by just using emojis.
๐ ๐ฏ ๐ฆ ๐ง ๐ฎ ๐ฒ ๐ค ๐ค ๐ ๐ฟ๐ ๐ ๐ ๐ ๐ ๐ ๐ ๐คฃ ๐ฅฒ โบ๏ธ ๐ ๐ ๐ ๐ ๐ ๐ ๐ ๐ฅฐ ๐ ๐ ๐ ๐ ๐ ๐ ๐ ๐ ๐คช ๐คจ ๐ง ๐ค ๐
Cybersecurity researchers said they have developed a way to exploit targets just using emojis.
In the near future, hackers could pwn you just by sending your computer or cellphone a random string of emojis, according to cybersecurity researchers.
Usually, when hackers find a flaw in a target computer or cellphone, they craft what is called an exploit โ a piece of code designed to take advantage of the flaw and take control of the target. Much like any other code, the exploit usually contains strings of letters and symbols.
But it doesnโt have to be that way.
During a talk at the hacking conference DEF CON in Las Vegas on Friday, security researchers Hadrien Barral and Georges-Axel Jaloyan said they have found a way to use just a series of emojis to deliver an exploit to a target. The caveat is that there is a specific circumstance that needs to occur for the emoji exploit to work.
โThe real-life scenario is a bit far-fetched. In very simple terms: say you found a vulnerability, but before getting to the vulnerable part, the hacker input needs to go through an emoji filter. Then, to exploit the vulnerability, the hacker needs an emoji-only input, aka an emoji-only shellcode,โ Barral and Jaloyan told Motherboard in an email, referring to the code that gives hackers a โshell,โ which is a prompt that hackers can use to send commands to the hacked machine. โWhat is the probability to have an emoji-only filter? Quite low actually.โ
Jayolan explained that when sending an exploit to the target, it has to first go through a filter โ for example, if a hacker sends their payload through a form that only accepts letters and digits, then the payload should be made of letters and digits. So, for the emoji attack to work, it needs to go through a filter that only accepts emojis, which Jaloyan said does not exist at this point.
The two researchers shared with Motherboard an example of an exploit made only of emojis. They also published the technical details of their research on GitHub.
Still, Barral and Jaloyanโs research and proof of concept shows that using emojis to hack targets is indeed possible.
โOur talk adds to the state of the art our new method,โ the researchers said. โThe main contribution is that we have an emoji-only payload which spawns a shell.โ
The researcherโs idea is to educate both cybersecurity attackers and defenders showing them this is possible, which should push them to change their behavior.
โWe hope this helps Red teams (pentesters) to apply this new technique to similar problems as well as Blue teams (defenders) to rethink their threat-model and improve malware detection,โ the researchers said.
During their research, Barral and Jaloyan found that some software has a hard time processing emojis. This doesnโt mean this software can be hacked with emojis, but shows that emojis are novel enough that not all computers and programs support them.
โWhen I tried to print the slides. I managed to crash both the printer and my computer at the same time. Since then, Iโm still not able to use the printer for any task!โ Jaloyan said. Iโll probably have to do a factory reset.โ
And this is it for today. โ๏ธ Enjoy your life with ๐ smile and keep learning and do hacking like a pro.
Feel free to Subscribe for more content ๐, clap ๐๐ป and share the article With anyone youโd like.
As always, I appreciate your support.
From Infosec Writeups: A lot is coming up in the Infosec every day that itโs hard to keep up with. Join our weekly newsletter to get all the latest Infosec trends in the form of 5 articles, 4 Threads, 3 videos, 2 Github Repos and tools, and 1 job alert for FREE!
