What is a buffer and buffer overflow?
To understand what a buffer overflow attack is, it’s important to first know what a buffer is. A buffer is a temporary data storage area that holds data while it is being transferred from one place to another. Buffers help manage data input and output for various devices and software. For example, buffers are used for things like keyboard input, audio playback, and even for software applications such as Photoshop. Programs often use multiple buffers to keep data flowing efficiently and to manage tasks smoothly.
You can think of a buffer like a container that can hold only a certain amount of data at a time. Once the data is processed or transferred, the buffer can accept new data.
A buffer overflow occurs when more data is written to a buffer than it can hold. This causes the excess data to overwrite adjacent memory, potentially corrupting or altering other parts of the program. When this happens, the program may behave unpredictably — you may notice crashes, errors, or unintended results. In some cases, buffer overflows can allow attackers to exploit these memory vulnerabilities and execute arbitrary code.
How does a buffer overflow attack work?
In a buffer overflow attack, a hacker deliberately sends more data to a buffer than it can handle, which causes the overflow. This overflow can then overwrite critical areas of the program’s memory and even allow the attacker to inject malicious code. Once the attacker has control over the memory, they can manipulate the program or gain unauthorized access to the system.
For instance, the hacker might intentionally overload a system with more data than it can manage and cause it to crash. After the crash, the attacker can exploit the vulnerabilities left by the overflow, which may involve executing malicious code. This type of attack has been used in various real-world scenarios, such as the WhatsApp vulnerability in 2019, where attackers injected malware into users’ devices via a buffer overflow exploit.
Buffer overflow examples
Buffer overflow attacks are still as relevant now as they were back in the 80s when they emerged. Some of the most notorious examples include:
The Morris Worm attack in 1988
Probably the most infamous buffer overflow example, the Morris Worm attack was one of the first complex cyberattacks that used malware (a worm). The worm exploited a buffer overflow, causing chaos that unintentionally brought down ARPANET (the network that became the basis for the Internet) via a denial-of-service (DoS) attack. The attack didn’t require human interaction or execution because the worm self-replicated while residing on a host system.
SQL Slammer attack in 2003
SQL Slammer was a computer worm that infected 75,000 users in only 10 minutes. It also affected several DNS servers, caused many ISPs to lose connections, and significantly slowed down global internet traffic. The worm exploited a buffer overflow vulnerability in Microsoft’s SQL Server and Desktop Engine database products.
WhatsApp attack in 2019
One of the most notable buffer overflow attacks in recent history targeted the WhatsApp messaging app. Users were shocked by the breach, especially since WhatsApp offers end-to-end encryption and promises secure communications.
The attackers exploited vulnerabilities in the voice-over-internet protocol that WhatsApp uses. They triggered a buffer overflow and used it as an entry point to inject malware into users’ devices. Remarkably, the attackers only needed to place a call to the user; the user didn’t even have to answer for the malware to be installed. Still worse, these calls did not appear in the call log, so many users were unaware their devices had been compromised. The malware granted hackers access to users’ messages, microphones, and cameras.
How to prevent buffer overflow attacks
Buffer overflows typically occur due to software development errors, such as:
- Underestimating the storage needed for the application.
- Overestimating how much data is already in the buffer, leading to overflow.
- Sending data to the wrong buffer.
- Using programming languages like C/C++, which are more prone to buffer overflows and lack built-in protection.
- Failing to regularly test whether the data fits within the buffer’s boundaries.
The most effective way to protect applications and devices from buffer overflow attacks is to handle the risk at the programming language level, using languages like Perl or JavaScript, which offer better built-in protection. You can also perform bounds checks to make sure that the data stored in the buffer stays within its limits.
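The bounds check described above, shown next to the unchecked write it replaces. This is an added example, not code from the original article; the names (`region`, `write_unchecked`, `write_checked`), the 8-byte capacity and the inputs are constructed for illustration, and a single array stands in for a buffer and the memory right after it.

```c
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 8                       /* buffer capacity (constructed value) */
static const char NEIGHBOUR[8] = {'N','E','I','G','H','B','O','R'};
/* One array models the buffer (mem[0..7]) and the data stored right after it
   (mem[8..15]), so writes of up to 16 bytes stay well-defined C. */
struct region { unsigned char mem[BUF_SIZE + sizeof NEIGHBOUR]; };

static void region_init(struct region *r) {
    memset(r->mem, 0, BUF_SIZE);
    memcpy(r->mem + BUF_SIZE, NEIGHBOUR, sizeof NEIGHBOUR);
}

static int neighbour_intact(const struct region *r) {
    return memcmp(r->mem + BUF_SIZE, NEIGHBOUR, sizeof NEIGHBOUR) == 0;
}

/* Flawed pattern: trusts the caller's length and never compares it to BUF_SIZE. */
static void write_unchecked(struct region *r, const void *src, size_t len) {
    memcpy(r->mem, src, len);
}

/* Bounds-checked pattern: refuses input that does not fit. 0 = stored, -1 = rejected. */
static int write_checked(struct region *r, const void *src, size_t len) {
    if (src == NULL || len > BUF_SIZE)
        return -1;
    memcpy(r->mem, src, len);
    return 0;
}

/* Each demo takes a constructed input and returns 1 if the neighbour survived. */
int unchecked_keeps_neighbour(const char *in, size_t len) {
    struct region r; region_init(&r);
    write_unchecked(&r, in, len);
    return neighbour_intact(&r);
}

int checked_keeps_neighbour(const char *in, size_t len, int *status) {
    struct region r; region_init(&r);
    *status = write_checked(&r, in, len);
    return neighbour_intact(&r);
}

int main(void) {
    int st, ok = checked_keeps_neighbour("AAAAAAAAAAAA", 12, &st);
    printf("unchecked: intact=%d\n", unchecked_keeps_neighbour("AAAAAAAAAAAA", 12));
    printf("checked:   intact=%d status=%d\n", ok, st);
    return 0;
}
```

Rejecting the oversized input outright, rather than silently truncating it, lets the caller log or handle the anomaly.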