Posted on August 10, 2019 at 4:16 PM
Researchers and specialists in the online security field have unveiled a rather unpleasant discovery: there is a relatively new vulnerability that has the potential to affect nearly every website existing in the vast Internet world.
By now, the whole industry is quite familiarized with Distributed Denial of Service (DDoS) attacks. It involves several IP addresses perpetrating an attempt to make a network or device impossible to function properly by disrupting the host’s services with repeated traffic requests that flood and collapse the system.
A DoS Attack Rather Than a DDoS One
But in this particular case, the researchers found an exploit that is more like a traditional Denial of Service (DoS) attack. The vulnerability was revealed by the research group in Las Vegas, United States, at the Black Hat cybersecurity conference. Two Six Labs, a security firm with Nathan Hauke and David Renardy at the helm, was the responsible entity for breaking the news.
A DDoS usually involves a single, unique IP address rather than multiple ones. By overloading the servers of the victim with superfluous traffic requests, simple tasks become unbearable and nearly impossible to complete.
While DoS and DDoS have not only persisted and evolved through time, but are also very common. However, specialists in the cybersecurity industry are now warning people about a different form of attack, one that can have a similarly dangerous effect: offenses that don’t target server capacity, but instead, algorithms.
As it turns out, lots of Internet pages use algorithms as a tool to transform data inputs into what they want to achieve and show the world: results.
The exploit that Two Six Labs is referring to is more like a DoS attack, overwhelming a server from only one device. This situation may wreak havoc on the victim’s system because it targets the algorithms that numerous sites implement to process sensitive data and information.
The research presented in Las Vegas by Two Six Labs showcases how much damage can a small, seemingly harmless input for an algorithm cause.
Disrupting Communication Systems
No matter the specific type, DoS and DDoS can be very problematic for the person or entity receiving it. One of the high profile companies that have suffered them is the social media and instant messaging app Telegram, to disrupt critical communications systems and networks.
The research group experimented by throwing considerable amounts of data at the algorithms of three different sets of software, where they spotted the reported exploit. The mentioned algorithms make an attempt to process the information, but fail to do so.
According to Renardy, developers used some algorithm with unacceptable worst-case performance, and while looking at the three different, unrelated sets of software, they discovered that they all suffer from a sort of weak spot.
The aforementioned experiment was successful for PDF software: they uploaded one PDF file, but it was very large and had the potential to wreak havoc on a whole web page. Virtual Networking Computers (shortened to VNCs) were part of the trial, as they could fill them with useless, junk data to cause a server crash.
Using Algorithms to Take a Page Offline
The attack can be more dangerous than a regular DoS offense because it has the potential to take down a website all by itself: the attacks’ primary actors are algorithms: if they are fed the right amounts of junk data, they can disrupt a whole page and result in severe server issues.
According to the researchers, their primary intention is to raise awareness to help developers be alert about the vulnerability; that way, the Internet would be a much safer place for every party involved.
Two Six Labs, as part of their presentation, announced that they came up with a possible solution by creating a resource dubbed ACsploit, a tool that can be used by developers to simulate worst-case scenarios when it comes to algorithms, and also test against them.