Buffer overflow attacks: what are they and how do you prevent them?

28 September 2021

by Michael Barrett, Managing Director of Nexus Industrial Memory

One of the common cyberattacks employed by hackers is through a forced memory buffer (or stack) overflow, noting here that overflows can easily happen by accident if a program is poorly coded in a low-level language like C or C++.

During program runtime, when data is written to memory it goes to a specific address, for which space has been allocated in the memory map. The data might, for example, be a few bytes of information from another system, peripheral device or user information. If a larger volume of data is written to the location than can be accommodated, the excess code goes into the next available memory location.

How can this happen? Many memory addressing functions in C and C++ are unbounded. For example, the get(s) function in C reads data into a buffer. But there is no limit to the size of that data. So, if a hacker knows how the memory of an embedded system is architected, then the overflow data can be used to change the behaviour of the system in one of two ways.

Firstly, the system could be instructed to execute a different part of its current program next – simply by providing a new return address.

This might be to perform a legitimate function, such as the restoration of factory settings, including resetting passwords to defaults. Or the hacker can simply set a new password. Either way, the hacker has access to the system.

Secondly, the overflow can be used to introduce executable shellcode to give the system new behaviour.



This new code might be to reveal the password set by the legitimate user of the system. Or it could be to reveal the passwords used to join networks and communicate with other devices.

This is a somewhat more disturbing scenario because, following the attack, the shellcode can be removed via a second forced overflow that restores the original data. Compared to the first scenario, which might be discovered when a legitimate user questions why their password no longer works, this hack can easily go unnoticed.

 

Fixes

A simple solution is to code in a more secure language (such as C# or Java). Also, if you have room for an operating system, then most have good memory management mechanisms. These include declaring some areas of memory as non-executable and allowing memory spaces used during runtime/execution to be given random locations.

Another option, whether you do or do not have room for an OS, is to use dedicated memory management unit (MMU, a hardware component). Also, there is a kind of stripped-down MMU called a memory protection unit (MPU). Also implemented in hardware and typically within the CPU core, it allows only privileged software to allocate memory locations and assign their properties. MPU is, for example, present in Arm’s Cortex-M family of processor cores, which are popular in safety critical applications.

For further information on this subject and others, check out our ‘Securing your Embedded Memory’ guide.