Defining Buffer Overflow Attacks & How to Defend Against Them
During a buffer overflow, a program puts data in a memory area outside the buffer. That step can corrupt your data or crash your program.
Hackers know this, and sometimes they use your innocent-seeming buffer to take over your device.
Essentially, a buffer is a temporary holding area in memory. The program can store data within that buffer and keep working. When your program tries to put more data into a buffer than it can hold, it's vulnerable to a buffer overflow attack.
Buffer overflow attacks caused some of the most infamous hacking examples, from the Morris Worm in 1998 to Stagefright in 2015.
Let's explain how they work, and we'll help you understand how to protect yourself from them.
What Is a Buffer Overflow?
Almost every computer has a buffer. This dedicated space can hold or transport data so you can keep working without experiencing multiple crashes. But even the best buffer out there has a limit. And when you exceed it, an overflow begins.
A buffer overflow can be:
- Accidental. You try to do too much within one program, and you exceed the space the program gives you. The program may begin to behave erratically, and in some cases, it may stop working altogether.
- Intentional. Someone sends in data that's too large for your program. That data contains code that replaces the valid code the program was meant to run. When the new code runs, it can make the program do things you don't expect.
It may seem difficult for a hacker to craft an attack that both understands your program completely and changes the way it works. But unfortunately, these attacks are relatively common.
Buffer Overflow Attack Types
Every program contains a buffer, but an attacker can follow one of two methods to take it over and begin an attack.
A buffer overflow attack can be:
- Stack-based. Your attacker sends data to a program, and that transmission is stored in a too-small stack buffer. Your hacker could choose a "push" function and store new items on the top of the stack. Or the hacker could choose a "pop" function and remove the top item and replace it. That means the hacker has officially inserted malicious code and taken control.
- Heap-based. Your hacker corrupts data within the heap, and that code change forces your system to overwrite important data.
As a user, you may not see these changes happening. But if you don't stop the progression, your program may start to hitch and stall. In time, it could crash.
Since buffer overflows often target important programs, such as operating systems, a hack could leave you with a device you can't control.
Know Your Buffer Overflow Vulnerabilities
Preventing an attack is easier than recovering from one. Thankfully, there are plenty of things you can do to keep your company safe.
Start by examining the code you use during development. Programming languages vulnerable to buffer overflow attacks include:
- Assembly
- C/C++
- Fortran
These languages come with no built-in protection, and they don't routinely check whether a write stays within a buffer's bounds.
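The following C sketch is an added example, not code from the original article. It puts an unchecked copy into a fixed-size buffer beside a version that checks the length first. The struct, function names, buffer size and inputs are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16              /* constructed buffer size for this example */

struct session {
    char name[NAME_LEN];         /* fixed-size buffer */
    int  is_admin;               /* data stored right after the buffer */
};

/* Unchecked: strcpy keeps writing until it reaches the NUL in input, so
 * anything longer than NAME_LEN - 1 bytes spills past name. C will not
 * stop it. Shown for comparison only; main() never calls it. */
void set_name_unchecked(struct session *s, const char *input) {
    strcpy(s->name, input);
}

/* Checked: returns 0 on success, -1 if input does not fit.
 * On failure the session is left exactly as it was. */
int set_name_checked(struct session *s, const char *input) {
    if (s == NULL || input == NULL)
        return -1;
    /* Look for the terminator within the first NAME_LEN bytes only. */
    const char *end = memchr(input, '\0', NAME_LEN);
    if (end == NULL)
        return -1;               /* too long: reject rather than truncate */
    memcpy(s->name, input, (size_t)(end - input) + 1);
    return 0;
}

int main(void) {
    struct session s = { "guest", 0 };
    const char *ok = "alice";                                  /* constructed input */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 32 bytes, constructed */

    int r1 = set_name_checked(&s, ok);
    printf("short input -> %d, name=%s\n", r1, s.name);
    int r2 = set_name_checked(&s, too_long);
    printf("long input  -> %d, name=%s, is_admin=%d\n", r2, s.name, s.is_admin);
    return 0;
}
```

When reviewing C or C++ code, look for the first pattern: a copy into a fixed-size buffer with no length check in front of it.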