What to Do When a Memory Corruption on an Input String Generates a DoS

Co-authored by Serena Mancini.

We often think of vulnerabilities as complex technical problems that are difficult to discover and exploit. But if a special character, such as a foreign-language character, in an application running on a common operating system generates a memory corruption issue, it could potentially result in a denial-of-service (DoS) incident, depending on how complicated it is to restore the service and the number of services impacted.

Mitigating the Risk of a DoS Caused by Memory Corruption

Vulnerabilities that lead to memory corruption may seem trivial, but they could enable a cybercriminal to create a DoS by simply sending a text message to a high-ranking leader within a company. Picture this: A general manager of a company is boarding a flight when his or her mobile device stops working, requiring repairs that can only be done in specialized offices. The impact of this incident on this executive, as well as his or her company, could be tremendous.

While absolute prevention is quite complicated, organizations can mitigate the risk of a DoS incident by implementing basic security controls. The most obvious solution is to patch the operating system or affected application, although updates are not always immediately available. Another good practice is to inform end users of the vulnerability and outline steps to mitigate it.

It’s possible to program an intrusion prevention system (IPS) to block transactions from being executed with the affected characters, but this could be problematic, depending on the layer visibility in the protocol. By determining which application is failing, you can eventually stop it from conducting any transactions. This strategy is not ideal, however, since it will interrupt the service the application provides. A better approach is to apply specific policies according to the industry, application and other factors.

Integrating MDM Into a Holistic Security Immune System

Security professionals can minimize the damage of a DoS event that impacts the functionality of mobile devices by implementing changes using a mobile device management (MDM) solution to prevent further disruptions. Of course, the mobile operating system must provide a proper API. The organization should also advise clients using the affected devices to patch their operating systems or change the configuration to remediate the threat. Depending on how you manage these devices, it may be possible to force an update.

A great way to remediate existing threats — and help prevent future incidents — is to integrate the MDM tools with other security controls. Although other cybersecurity functions require different types of management, processes and people, issues affecting mobile devices often impact the overall security framework. By consolidating these solutions in a holistic security immune system, organizations can proactively protect themselves against DoS attacks and other incidents, optimize costs and streamline the integration of disparate security tools.

Domenico Raguseo

Technical Sales and Solutions Leader in Europe, IBM Security

Domenico Raguseo is currently Manager of Technical Sales in Europe for the Security Systems Division. He has over 15...