Buffer Overruns (on Mobile Applications) - Part2
Related Blog Items
- Buffer Overruns - part1
- Bad Standard APIs
- Finding endianness
- Binary Streams Utility Classes
- Little, big endianess explained -- part2
What is a buffer overrun
Simply stated, it is running a read or write pointer off the end of the allocated buffer into some other buffer. Usually it occurs because the pointer arithmetic is wrong or, worse, because there is no buffer length checking at all.
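As an added illustration (not code from the original post), here is a small C routine that parses one length-prefixed field into a fixed-size buffer with both checks the post says are usually missing: the read check that the untrusted length stays inside the received bytes, and the write check that it fits the destination. The status names and the message format are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIELD_CAP 16   /* assumed fixed size of the destination field */

/* Status codes for the parser (assumed names, not from the post). */
enum { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_TOO_LONG = 2 };

/*
 * Parse one field laid out as [len: 1 byte][payload: len bytes].
 *
 * The unchecked form this post warns about is simply
 *     memcpy(out, msg + 1, msg[0]);
 * which trusts the sender-supplied length twice: the read pointer may
 * run past the end of the received message, and the write pointer may
 * run past the end of the fixed-size destination buffer.
 */
int parse_field(const uint8_t *msg, size_t msg_len,
                uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (msg_len < 1)
        return PARSE_TRUNCATED;      /* not even a length byte */

    size_t len = msg[0];

    /* Read-side check: the payload must lie inside the received bytes. */
    if (len > msg_len - 1)
        return PARSE_TRUNCATED;

    /* Write-side check: the payload must fit the destination buffer. */
    if (len > out_cap)
        return PARSE_TOO_LONG;

    memcpy(out, msg + 1, len);
    *out_len = len;
    return PARSE_OK;
}

/* Convenience wrapper using the fixed-size field; returns the status. */
int parse_into_field(const uint8_t *msg, size_t msg_len,
                     uint8_t field[FIELD_CAP], size_t *out_len)
{
    return parse_field(msg, msg_len, field, FIELD_CAP, out_len);
}
```

A length byte of 255 against a 16-byte field is rejected with PARSE_TOO_LONG instead of writing 239 bytes past the buffer, and a message shorter than its own length field is rejected with PARSE_TRUNCATED instead of reading past the end of the received data.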
Why are they bad
Hackers have figured out many ways to exploit buffer overruns to take over the device. In particular they can be used to load and run hostile code. Since handsets at this point in time still run mostly with a single memory space (little memory protection), a clever attacker can potentially do the following:
- brick the phone so it has to go back to a service center
- break SIM locking
- take protected content
- reboot the phone
Are some worse than others?
In one sense all buffer overruns are the same and horribly bad because of the single memory space. They all give access to the whole handset.
In another sense they are not the same because some are easier to discover than others. For example, well-known overruns in open source are the easiest.
In another sense they are not all the same because some are easier to exploit than others. A one-byte read overrun is not useful for an attacker. An overrun that smashes the stack and is easy to trigger via SMS is very useful.