
What is a buffer overflow attack?

Buffer overflow vulnerabilities have been exploited by attackers for over 30 years. They have allowed attackers to take control of users' devices and even disrupt internet connectivity all over the world. Find out what a buffer overflow attack is, how it works, and how to protect yourself.

Charles Whitmore

Jun 24, 2020 · 4 min read

What is a buffer and buffer overflow?

To understand what a buffer overflow attack is, you must first understand what a buffer does. A buffer is a fixed-size region of memory set aside to hold data temporarily while it is moved from one place to another or processed. Buffers are used for input and output, such as keystrokes from your keyboard and audio sent to your speakers, for network packets, for file contents, and for ordinary strings inside applications like Photoshop. A running program typically has thousands of buffers.

You can picture a buffer as a rollercoaster car. It has a fixed number of seats (bytes), and once the ride is over, or the data has been consumed, it can take on the next load. Some buffers, such as I/O queues, work in FIFO (first in, first out) order, handing data out in the order it arrived, but the property that matters for security is simpler: a buffer has a fixed size, decided when the program was written or when the memory was allocated. Buffers live in RAM (on the stack, on the heap, or in static memory), although their contents may later be written to disk.

A buffer overflow is one of the most common memory-safety bugs. It is not a DDoS attack in itself, although overflows are often used to crash services. It happens when input data is larger than the memory allocated for the buffer and the excess is written into neighbouring memory that was never meant to hold it. If the rollercoaster car has 6 seats, an overflow is when 7 or more people are squeezed on. When too much data is written into a buffer, the program may slow down, crash, produce incorrect results, or hit memory access errors. Worse, if an attacker controls the data, the overflow becomes the entry point for a buffer overflow attack.

How does a buffer overflow attack work?

It's an attack where an attacker deliberately supplies more data than a buffer can hold so that the excess overwrites whatever sits next to it in memory: other variables, heap bookkeeping data, function pointers, or the saved return address on the stack. Because the attacker chooses the bytes that spill over, they can change how the program behaves, for example by flipping a privilege flag, or redirect its execution to code of their choosing. That gives them the ability to run arbitrary commands with the privileges of the vulnerable program, and often full access to the user's device.

The crudest form of the attack is to send a vulnerable program an over-long input so that it crashes, a denial of service. A more dangerous attack sends a carefully crafted input, often a single network packet or message, whose overflowing bytes hijack the program without crashing it, so the victim never notices. The WhatsApp attack of 2019 (we'll examine it in greater detail below), which installed spyware on users' devices, has also proven that this type of attack is still relevant to this day.

Buffer overflow examples

Attackers have been using buffer overflow bugs to cause havoc all over the world for more than 30 years, and the technique is almost as relevant now as it was in the late '80s. Let's have a look at the most famous buffer overflow attacks.

The Morris Worm attack in 1988

Probably the most infamous buffer overflow example, the Morris Worm was one of the first complex cyber attacks to use self-propagating malware (a worm). One of its propagation methods exploited a stack buffer overflow in the BSD fingerd daemon, which read a network request into a fixed-size buffer with the unbounded gets() function; the worm sent a request longer than the buffer and so redirected execution into its own code. (It also spread through a sendmail debug feature and weak passwords.) The worm infected roughly 6,000 machines, about a tenth of the internet at the time, and because it re-infected hosts aggressively it overloaded them into unusability, an unintended denial of service across the research network that grew out of ARPANET. The attack didn't require any human interaction, since the worm replicated itself from each host it compromised.

SQL Slammer attack in 2003

SQL Slammer was a computer worm that infected around 75,000 hosts in only 10 minutes. It also affected a number of DNS servers, many ISPs lost their connectivity, and it slowed down internet traffic around the world. The worm exploited a stack buffer overflow in the resolution service of Microsoft's SQL Server 2000 and Desktop Engine database products: a single small UDP packet sent to port 1434 was enough to take over a server and make it start spraying copies of the packet at random addresses. A patch for the flaw had been available for about six months before the outbreak. Note that despite the name, this was not an SQL injection attack, which is a different class of bug (you can read our article on SQL injection to see how those work).

WhatsApp attack in 2019

This is the most recent high-profile buffer overflow attack example. The attack exploited a buffer overflow bug in the ostensibly secure WhatsApp messaging app. The app's users were disturbed by the news since WhatsApp offers end-to-end encryption and promises secure conversations. The lesson is that encryption protects messages in transit, but not against code running on a compromised phone.

The bug was in WhatsApp's VoIP (voice call) code. By sending a specially crafted series of call-setup packets, the attackers overflowed a buffer in the app and used the resulting code execution to install spyware (widely reported to be NSO Group's Pegasus) on the victim's device. The attackers simply needed to call the target, who didn't even need to answer the call for the spyware to be installed. The calls were also scrubbed from the call log, so some users were completely unaware that their devices were infected. The spyware gave the attackers access to users' messages, microphones and cameras. WhatsApp fixed the bug and pushed an update shortly after the attack was discovered.

How to prevent buffer overflow attacks

Buffer overflows usually happen due to software development mistakes. For example:

  • The developers underestimate how much storage the data will need and allocate a buffer that is too small;
  • The code underestimates how much data is already in a buffer and appends more than the remaining space can hold;
  • Data is written to the wrong buffer, or at the wrong offset;
  • The program is written in C or C++, which do not bounds-check array and pointer accesses, so nothing stops a write past the end of a buffer;
  • The code fails to check, before every copy, that the incoming data fits within the boundaries of the buffer.

The most reliable way to protect applications and devices from buffer overflow attacks is to prevent the bug at the language level: memory-safe languages such as Rust, Go, Java, Python and JavaScript check every array access at runtime (or at compile time), so an out-of-bounds write becomes an error instead of silent corruption. Where C or C++ is unavoidable, every copy into a buffer must be preceded by an explicit bounds check, unbounded functions such as gets(), strcpy() and sprintf() should be replaced by size-aware ones such as fgets(), snprintf() or strlcpy(), and the binary should be built with the compiler's hardening features (stack canaries, non-executable stacks, ASLR and position-independent code), which make a surviving overflow much harder to exploit. Testing with sanitizers and fuzzers catches many overflows before release.
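The following is an added example, not code from the original article, illustrating both the mechanism described in "How does a buffer overflow attack work?" and the bounds check recommended above. It models a session record whose 8-byte name buffer is immediately followed by a privilege flag (an assumed layout chosen to make the effect visible), and a "packet" whose attacker-controlled length is trusted by the vulnerable function and rejected by the hardened one. The packet bytes are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for the example: the name buffer sits directly in front of
 * the privilege flag, so any byte written past name[7] lands in is_admin. */
struct session {
    char name[8];       /* fixed-size buffer: 7 characters plus the NUL */
    uint32_t is_admin;  /* 0 = ordinary user, nonzero = administrator */
};

/* Constructed attacker input: 8 bytes fill the name, the next 4 bytes land
 * exactly on is_admin. 12 bytes == sizeof(struct session). */
const unsigned char ATTACK_PACKET[12] = {
    'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A',  /* fills name[0..7]      */
    0x01, 0x00, 0x00, 0x00                   /* overwrites is_admin    */
};
const size_t ATTACK_PACKET_LEN = sizeof ATTACK_PACKET;

/* Constructed benign input that fits in the buffer. */
const unsigned char GOOD_NAME[5] = { 'a', 'l', 'i', 'c', 'e' };
const size_t GOOD_NAME_LEN = sizeof GOOD_NAME;

/* VULNERABLE: trusts a length that came with the data, exactly like a length
 * field parsed out of a network packet. Writing past the array is undefined
 * behaviour in C; on common compilers it silently overwrites is_admin. */
static void set_name_unchecked(struct session *s, const unsigned char *data, size_t len)
{
    memcpy(s->name, data, len);  /* no bounds check */
}

/* HARDENED: refuse anything that does not fit, leaving room for the NUL.
 * Rejecting is safer than silently truncating, which can hide an attack. */
static int set_name_checked(struct session *s, const unsigned char *data, size_t len)
{
    if (len >= sizeof s->name)   /* 8 or more bytes cannot fit with a NUL */
        return -1;
    memcpy(s->name, data, len);
    s->name[len] = '\0';
    return 0;
}

/* Process one packet with the vulnerable code; returns the resulting flag. */
uint32_t login_unchecked(const unsigned char *data, size_t len)
{
    struct session s;
    memset(&s, 0, sizeof s);     /* fresh session: not an administrator */
    set_name_unchecked(&s, data, len);
    return s.is_admin;           /* nonzero only if the overflow reached it */
}

/* Process one packet with the hardened code; returns 0 on success or -1 if
 * the input was rejected, and reports the flag through *is_admin. */
int login_checked(const unsigned char *data, size_t len, uint32_t *is_admin)
{
    struct session s;
    memset(&s, 0, sizeof s);
    int rc = set_name_checked(&s, data, len);
    *is_admin = s.is_admin;
    return rc;
}

int main(void)
{
    uint32_t flag = 0;
    printf("unchecked, attack packet: is_admin=%u\n",
           login_unchecked(ATTACK_PACKET, ATTACK_PACKET_LEN));
    printf("checked,   attack packet: rc=%d is_admin=%u\n",
           login_checked(ATTACK_PACKET, ATTACK_PACKET_LEN, &flag), flag);
    printf("checked,   good name:     rc=%d is_admin=%u\n",
           login_checked(GOOD_NAME, GOOD_NAME_LEN, &flag), flag);
    return 0;
}
```

The vulnerable path never touches is_admin explicitly, yet the flag ends up set, which is the essence of the "change how the program functions" outcome described above; replacing the privilege flag with a saved return address is the step from privilege escalation to code execution. The hardened path compares the incoming length against the buffer size before copying, the single check that the bulleted mistakes above all amount to omitting.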

Tips for users

Hopefully, this guide has helped you answer what a buffer overflow attack is, alongside helping you understand the ways you can protect yourself from one. As the 2019 WhatsApp attack has shown, it's very difficult, if not impossible, for users to protect themselves from buffer overflow attacks directly. Most of the responsibility lies with programmers and developers. What you can do is install software updates promptly, since both SQL Slammer and the WhatsApp attack hit users who were running code for which a fix existed. Beyond that, it's always a good idea to stay private online and reduce your data footprint. Remember: the more data and personally identifiable information you hold online, the more an attacker gets in case of a breach.