Every day, hackers around the globe are discovering and exploiting new vulnerabilities in websites, applications, and even system architecture. One common thing in all electronic devices, old or new, is that they are run by programs that are stored in memory. Hackers have exploited this and found vulnerabilities known as buffer overflows.

Although not new, buffer overflow attacks and vulnerabilities have been wreaking havoc in cyberspace. Here, we'll explain to you what buffer overflow attacks are and how you can prevent them.

Understanding Buffers and System Memory

To understand what a buffer overflow attack is and how it works, you need to know what a buffer is and how a computer's memory works.

Stack and heap memory are two main features of a computer's memory. They are data structures used for memory allocation. Although they are similar, stack and heap memory differ in multiple ways.

The stack, which works on the Last-in, First-out (LIFO) principle, is used in RAM (random access memory) to hold the temporary state of a program's execution, while the heap assigns memory through dynamic allocation to global variables. But one thing they have in common is that both can hold a buffer.

What Is a Buffer?

A buffer is a region of memory, most likely in a computer's RAM, used to hold data while it is being moved from one location to another. This data is usually program input or code that is about to be executed. Buffers live in the stack or the heap, and they speed up the processing of data.

What Is a Buffer Overflow?

A buffer overflow occurs when the buffer receives more data than its storage capacity. Because it is unable to process that amount of data, it overflows.

Now, in a computer's memory, just after a buffer or a buffer space is a return address. This return address is loaded into the Extended Instruction Pointer (EIP), the register that tells the computer where to continue executing once the current function finishes. When a buffer receives more data than it can hold, the excess overflows into that return address.

To understand this, let's assume you have a buffer space that can only hold five letters. If you fill it with words like "sugar" or "peace," the buffer can contain them. But a word like "authentication" is inevitably going to spill over. This leads to a bug or crash in the system, and hackers can exploit this vulnerability to start a buffer overflow attack.

What Is a Buffer Overflow Attack and How Does It Work?

Buffer overflow attacks happen when the hacker takes control of the return address or EIP. When the attacker knows the size of a system's memory, they can intentionally write data into that system just to overflow it. Then they make sure the EIP or return address is written to point to a program that can give them access to the system or reveal sensitive information stored on the system.

The attacker can even write some data that contains malicious code and cause the buffer to overflow. The EIP is then written to redirect the system back to the malicious code, and it is made to run. Then, the hacker gets control of the system.

There are five major steps in buffer overflow attacks:

  1. Spiking
  2. Fuzzing
  3. Finding the offset
  4. Overwriting the EIP or return address
  5. Exploiting the vulnerability

Spiking is the first step. Here, the hackers find the part of the program that's vulnerable to buffer overflows. Then comes fuzzing, which is similar to spiking, but here the hacker sends a growing volume of characters to the program to see if it can be broken. Once that succeeds, the attacker proceeds to find the offset, the exact point at which the buffer overflowed. This reveals the size of the buffer and the location of the return address. Then, the hacker inserts malicious shellcode and takes control of the system.

What Are the Types of Buffer Overflow Attacks?

There are two main types of buffer overflow attacks: stack-based and heap-based attacks.

1. Stack-Based Buffer Overflow Attacks

Stack-based buffer overflow attacks are the most popular type of buffer overflow attacks. They occur when the system's stack memory is overrun and exploited. It is also known as stack smashing.

2. Heap-Based Buffer Overflow Attacks

This type of buffer overflow is not very common, as it is difficult to implement and exploit. It occurs when the memory dynamically allocated to a program overflows. In January 2021, Google discovered a heap-based buffer overflow vulnerability in the V8 component of Chrome.

How Can You Prevent Buffer Overflow Attacks?

Buffer overflow attacks can be mitigated using OS runtime protections, secure programming languages, address space layout randomization, and ensuring overall proper security measures.

1. Using OS Runtime Protection

Runtime protection is also known as runtime array bounds checking. It ensures that every write a program performs stays within the buffer space or memory allocated to it, checking each piece of data before it is written into memory. This makes it difficult for hackers to overwrite data outside the buffer and exploit the vulnerability.
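As an added example that is not part of the original article, here is the five-letter buffer from the "What Is a Buffer Overflow?" section written in C: the classic unchecked copy that lets "authentication" spill past the buffer, beside the bounds-checked copy that runtime bounds checking (or careful code) enforces. The names `copy_unchecked`, `copy_checked` and `word_fits` are chosen here and are not from any library.

```c
/* Added example (not from the article): the article's five-letter buffer,
 * copied first with the classic unchecked idiom and then with an explicit
 * bounds check of the kind runtime bounds checking applies automatically. */
#include <stdio.h>
#include <string.h>

#define BUF_LETTERS 5                 /* the article's five-letter buffer */
#define BUF_SIZE    (BUF_LETTERS + 1) /* plus one byte for the NUL terminator */

/* Vulnerable form: strcpy copies until it finds the NUL terminator and never
 * looks at the destination size. "sugar" fits, but "authentication" writes
 * 15 bytes into a 6-byte buffer and clobbers whatever the compiler placed
 * after it on the stack, typically saved registers and the return address.
 * It is shown for contrast only and is never called with oversized input. */
void copy_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);   /* undefined behaviour when strlen(src) >= BUF_SIZE */
}

/* Hardened form: measure before writing and refuse anything that does not
 * fit. Returns 0 on success and -1 when the input would overflow. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0 || n >= dst_size)
        return -1;                  /* no room for the letters plus the NUL */
    memcpy(dst, src, n + 1);        /* copy exactly n letters and the NUL */
    return 0;
}

/* Would this word fit in the article's five-letter buffer? 1 = yes, 0 = no. */
int word_fits(const char *word)
{
    char buf[BUF_SIZE];
    return copy_checked(buf, sizeof buf, word) == 0;
}

int main(void)
{
    const char *words[] = { "sugar", "peace", "authentication" };
    for (size_t i = 0; i < sizeof words / sizeof words[0]; i++)
        printf("%-15s %s\n", words[i],
               word_fits(words[i]) ? "fits" : "rejected (would overflow)");
    return 0;
}
```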

2. Using Secure Programming Languages

Programming languages like C and C++ do not implement runtime array bounds checking, because checking every write into memory takes extra code and slows the program down. Therefore, they are more susceptible to buffer overflow attacks. Using more secure languages like C#, Java, and Python is better because they run a lower risk of buffer overflow attacks.

3. Use Address Space Layout Randomization (ASLR)

This security measure randomizes the addresses at which programs, functions, and data regions are placed in a system's memory each time they are loaded. It makes it difficult for an attacker to predict where sensitive functions sit in memory and navigate to them.

4. Ensure Strict Security Policies

This involves keeping the system updated regularly, validating all data written into the system, and assigning the least privileges to users. With the proper security policies in place, you shouldn't have to worry about a buffer overflow attack.

Keeping Your Security Tight Is Essential to Combat Buffer Overflow Attacks

According to a popular saying in security, "as long as a system is used by humans, a vulnerability exists," which is true and inevitable. However, one can always reduce the chances of attack by ensuring that proper security measures are in place and strictly adhered to.

Remember that hackers are constantly finding new ways to exploit vulnerabilities such as this one. Therefore, it's on you to stay ahead of them by keeping an eye out for the latest advancements in the field of cybersecurity.