Co-authored by Serena Mancini.

We often think of vulnerabilities as complex technical problems that are difficult to discover and exploit. But if a special character, such as a foreign-language character, in an application running on a common operating system generates a memory corruption issue, it could potentially result in a denial-of-service (DoS) incident, depending on how complicated it is to restore the service and the number of services impacted.

Mitigating the Risk of a DoS Caused by Memory Corruption

Vulnerabilities that lead to memory corruption may seem trivial, but they could enable a cybercriminal to create a DoS by simply sending a text message to a high-ranking leader within a company. Picture this: A general manager of a company is boarding a flight when his or her mobile device stops working, requiring repairs that can only be done in specialized offices. The impact of this incident on this executive, as well as his or her company, could be tremendous.

While absolute prevention is quite complicated, organizations can mitigate the risk of a DoS incident by implementing basic security controls. The most obvious solution is to patch the operating system or affected application, although updates are not always immediately available. Another good practice is to inform end users of the vulnerability and outline steps to mitigate it.

It’s possible to program an intrusion prevention system (IPS) to block transactions that carry the affected characters, but this only works if the IPS has visibility into the protocol layer in which those characters travel (an encrypted or proprietary messaging channel may hide them). By determining which application is failing, you can eventually stop it from conducting any transactions. This strategy is not ideal, however, since it will interrupt the service the application provides. A better approach is to apply specific policies according to the industry, application and other factors.
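The filtering and per-application policy approach described above, as an added illustration that is not code from the original article: the blocked code point (U+AC00), the application names and the policy table are constructed placeholders, since the article names neither the characters nor the applications involved. The check inspects the decoded text in NFC and NFD form as well as raw, because a decomposed spelling of the same character would slip past a byte-level signature.

```python
import unicodedata
from dataclasses import dataclass, field

# Constructed placeholder set: the article does not name the offending
# characters, so U+AC00 (Hangul syllable "ga") stands in for whatever an
# advisory identifies.
BLOCKED_CODEPOINTS = {0xAC00}

# Assumed per-application policy: block only where interrupting the service
# is acceptable; elsewhere just alert, so the service keeps running.
APP_POLICY = {"sms-gateway": "block", "chat-app": "alert"}
DEFAULT_ACTION = "alert"


@dataclass
class Verdict:
    action: str                       # "allow", "alert" or "block"
    matched: set = field(default_factory=set)
    reason: str = ""


def find_blocked(text: str) -> set:
    """Return blocked code points present in text in any normalization form."""
    forms = {text,
             unicodedata.normalize("NFC", text),
             unicodedata.normalize("NFD", text)}
    return {ord(ch) for form in forms for ch in form
            if ord(ch) in BLOCKED_CODEPOINTS}


def inspect_message(payload: bytes, app: str) -> Verdict:
    """Decide what an inline filter should do with one message body."""
    try:
        text = payload.decode("utf-8")
    except UnicodeDecodeError:
        # Malformed UTF-8 cannot be inspected reliably; escalate, do not guess.
        return Verdict("alert", reason="undecodable payload")
    hits = find_blocked(text)
    if not hits:
        return Verdict("allow")
    return Verdict(APP_POLICY.get(app, DEFAULT_ACTION), hits,
                   "blocked code point present")


if __name__ == "__main__":
    # Constructed sample: the placeholder character sent in decomposed (NFD)
    # form, which NFC recomposes to U+AC00.
    decomposed = "\u1100\u1161".encode("utf-8")
    print(inspect_message(decomposed, "sms-gateway"))            # block
    print(inspect_message(decomposed, "chat-app"))               # alert
    print(inspect_message("hello".encode("utf-8"), "sms-gateway"))  # allow
```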

Integrating MDM Into a Holistic Security Immune System

Security professionals can minimize the damage of a DoS event that impacts the functionality of mobile devices by implementing changes using a mobile device management (MDM) solution to prevent further disruptions. Of course, the mobile operating system must provide a proper API. The organization should also advise clients using the affected devices to patch their operating systems or change the configuration to remediate the threat. Depending on how you manage these devices, it may be possible to force an update.

A great way to remediate existing threats — and help prevent future incidents — is to integrate the MDM tools with other security controls. Although other cybersecurity functions require different types of management, processes and people, issues affecting mobile devices often impact the overall security framework. By consolidating these solutions in a holistic security immune system, organizations can proactively protect themselves against DoS attacks and other incidents, optimize costs and streamline the integration of disparate security tools.
