Applications and Software

Software subversion is a class of attack that directly targets the inner workings of an application: its memory, its control flow, or the queries it sends to a backing database. Anti-subversion tooling and compiler-level mitigations help, but protecting against these attacks starts with understanding how each technique works. They typically demand a higher level of technical skill from the attacker than social engineering or other types of attack. Some of the most frequently used software subversion techniques are buffer overflows, memory editing, and SQL injection. This section explores each in turn, along with methods of protection and prevention.
Buffer Zones: Methods and Techniques

A buffer is a region of memory set aside to hold a fixed amount of data temporarily, for example input read from a device such as a camera, or data being passed between parts of a program. A buffer overflow occurs when a program writes more data into a buffer than it was sized for without checking the length first, and the excess spills into whatever lies next to the buffer in memory. If you think of memory as a row of compartments, an overflow is one compartment breaking and leaking into its neighbours. On the stack, the neighbours of a local buffer include other local variables and control data such as the saved frame pointer and the function's return address. Overwriting that control data can crash the program, corrupt its state, or, when the attacker chooses the bytes carefully, redirect execution to code of the attacker's choosing.

Stack canaries are the most widely deployed mitigation (the stack protector in GCC and Clang, enabled with -fstack-protector). Much like the canary in the coal mine, a damaged canary signals danger: the compiler places a secret value between the local buffers and the saved return address, and the function's epilogue compares it with the original before returning. A copy that overran the buffer had to overwrite the canary on its way to the return address, so the check fails and the program aborts instead of returning into attacker-controlled data. The check runs once, at each protected function's return, not periodically, and a canary detects an overflow rather than preventing it; it also does nothing for an overflow that only reaches other local variables. The primary defence is therefore not writing past the buffer in the first place: length-checked copies, or a memory-safe language, with canaries, non-executable memory and address space layout randomisation as defence in depth.

Memory editing alters the values a running program keeps in memory in order to inject code or force an unauthorised result. A memory scanner attaches to the process, reads and decodes the program's live data, and lets the attacker change it in real time; a classic example is locating and flipping the flag that records whether licensed software is in its free-trial or purchased state. Code injection goes further and uses the same access to change the program's instructions while it runs. This requires knowledge of assembly: the CPU executes machine-code instructions, a debugger or disassembler presents them as assembly, and the attacker patches them to alter the program's core functions. Defences include keeping sensitive values encrypted or obfuscated in memory rather than stored as easily located static constants, isolating sensitive state in a separate process (or on a server the client cannot reach into), and re-validating critical decisions such as licence status instead of trusting a single in-memory flag.
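The following is an added worked example, not code from the original page: it models the stack frame layout a stack protector produces (local buffer, then canary, then saved return address) as a ctypes struct in ordinary process memory, runs an unchecked copy and a length-checked copy against it, and performs the canary comparison once at "return" time. The frame is not the interpreter's real stack, and the return address 0x401000 and the 16-byte buffer size are constructed values for the demonstration; the low-byte-zero canary follows the glibc convention so that a C string copy cannot reproduce it.

```python
import ctypes
import secrets

BUF_SIZE = 16                 # bytes the local buffer was sized for
RETURN_ADDRESS = 0x401000     # constructed stand-in for the caller's address


class Frame(ctypes.Structure):
    """Model of a stack frame laid out the way a stack protector arranges it:
    the local buffer lowest, the canary immediately above it, and the saved
    return address above that, so an overrun must cross the canary before it
    can reach the return address.  The struct lives in process memory that
    ctypes allocates, not on the interpreter's real stack."""
    _fields_ = [
        ("buf", ctypes.c_char * BUF_SIZE),
        ("canary", ctypes.c_uint64),
        ("ret", ctypes.c_uint64),
    ]


def fresh_canary() -> int:
    """Random canary whose low byte is zero (glibc convention): a C string
    copy would have to write that NUL byte to preserve the canary, and the
    copy stops at the first NUL, so the overrun cannot continue past it."""
    return secrets.randbits(64) & ~0xFF


def new_frame(canary: int) -> Frame:
    frame = Frame()
    frame.canary = canary
    frame.ret = RETURN_ADDRESS
    return frame


def copy_unchecked(frame: Frame, data: bytes) -> None:
    """Vulnerable copy: writes every byte of `data` starting at `buf` with no
    length check, like strcpy()/gets().  Bytes beyond BUF_SIZE land on the
    canary and then on the saved return address."""
    # Demo-only guard so we never write outside the struct we own; inside the
    # frame this behaves exactly like the unchecked copy it models.
    if len(data) > ctypes.sizeof(Frame):
        raise ValueError("input larger than the modelled frame")
    ctypes.memmove(ctypes.addressof(frame), data, len(data))


def copy_bounded(frame: Frame, data: bytes) -> bool:
    """Hardened copy: writes at most BUF_SIZE-1 bytes plus a NUL terminator.
    Returns False when the input had to be truncated so the caller can reject
    it rather than silently losing data."""
    n = min(len(data), BUF_SIZE - 1)
    ctypes.memmove(ctypes.addressof(frame), data, n)
    ctypes.memset(ctypes.addressof(frame) + n, 0, 1)
    return n == len(data)


def function_return(frame: Frame, expected_canary: int) -> int:
    """The epilogue check: the canary is compared once, right before the
    function returns, not periodically.  A mismatch aborts instead of
    jumping to whatever now sits in the return-address slot."""
    if frame.canary != expected_canary:
        raise RuntimeError("*** stack smashing detected ***")
    return frame.ret


def call(copy, data: bytes):
    """Simulate one call: build a frame, run the chosen copy routine on the
    input, then return through the canary check.  Returns (detected, frame)
    so the caller can inspect what was overwritten."""
    canary = fresh_canary()
    frame = new_frame(canary)
    copy(frame, data)
    try:
        function_return(frame, canary)
        return False, frame
    except RuntimeError:
        return True, frame


if __name__ == "__main__":
    # Constructed inputs: a short string fits; 32 bytes covers buf, canary and ret.
    for name, copy, data in [("unchecked, short", copy_unchecked, b"hello"),
                             ("unchecked, overlong", copy_unchecked, b"A" * 32),
                             ("bounded, overlong", copy_bounded, b"A" * 32)]:
        detected, f = call(copy, data)
        print("%-20s detected=%-5s ret=%#x" % (name, detected, f.ret))
```

With the unchecked copy and 32 bytes of input, both the canary and the return-address slot read 0x4141414141414141 afterwards: the canary check catches it, but only because the overrun had to pass through the canary first. The bounded copy leaves both intact and reports the truncation instead.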
SQL injection targets applications that build database queries from user input, most often web applications. Input fields such as username and password forms are submitted with values that contain SQL syntax. If the application pastes that input into the query text, the database cannot tell where the application's query ends and the user's data begins, and it executes the attacker's fragment as part of the statement. One of the best-known payloads closes the current statement and appends "DROP TABLE name_of_table"; with a valid table name, the whole table is deleted. Other payloads bypass authentication by turning the WHERE clause into a tautology (' OR '1'='1) or by commenting out the password check. The result can be a broken application, leaked data, or an unauthorised escalation of privileges. The main defence is parameterized queries (prepared statements), which send the query text and the user's values to the database separately, so input is only ever treated as data. Prohibiting certain characters or limiting the length of usernames and passwords is not a reliable defence on its own; input validation is a useful secondary layer, alongside least-privilege database accounts that cannot drop tables.

Software subversion demands more technical skill than other types of attack. While an attacker may succeed with a widely distributed phishing email, software subversion requires programming knowledge and, in return, offers more angles and avenues of attack. In short, it has a higher barrier to entry and offers greater control once an attack succeeds.

TL;DR

Software subversion is a direct attack on a program or process. There are several distinct methods, and this section covered some of the most common: buffer overflows, memory editing, and SQL injection, along with how to prevent each.