Hyderabad: With the Pegasus spyware attacks coming to light, cyber-security experts have raised concerns over highly sophisticated attacks ahead. The Pegasus spyware attacks fall under the category of buffer overflow attack, where the source code of a particular application could be altered and controlled by the hackers’ instructions.
It is one of the most sophisticated attacks, requiring no involvement of the targeted users. The vulnerability allowed attackers to inject commercial spyware onto phones simply by ringing the number of a target’s device.
Instant messaging service providers like WhatsApp, Telegram and others usually offer end-to-end encryption services. This encryption stores the keys to a messaging session exclusively within the service provider’s platform, where data is transformed by cryptographic encryption algorithms that use public and private keys. The public key is shared with the destination (the legal authority to open the message) by the source where the messages originated. Only the service provider, using the private keys, can decrypt them, which makes it difficult for others to crack them.
Sai Krishna, chairman, Global Cyber Security Forum, told Deccan Chronicle, “This attack is termed a buffer overflow attack. In all systems, there is a buffer zone, where temporary memory allocations happen in order to give a fast and quick run-time experience for a user. Programmers write a buffer allocation as per the programming requirements (of the application). There is a lot of scope for vulnerability here.”
A local buffer is needed to run programs seamlessly, to provide a good user experience and to facilitate user operations. Attackers can misuse buffer overflows and allocation, drop in hacker code and hijack a particular application to run as per their direction, Krishna said.
Explaining the modus operandi, he said hackers first understand a program application: how it functions, the kind and quantum of buffer allocations required and the extent of buffer overflow programmed, and then find vulnerabilities to exploit. Within a buffer allocation, which runs in RAM, a malicious payload can be dropped through a video call into the handset without the user’s knowledge or involvement.
Once a payload is delivered onto a handset, hackers can listen to conversations, activate the microphone in the phone, use the handset camera, control WhatsApp data and other operations. Buffer overflow is associated with the source code of programs. Once a hacker can change the source code, applications in turn can be changed and controlled, and surveillance can be initiated, said Krishna.
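The defect Krishna describes, a program copying data into a fixed-size buffer without checking that the data fits, is easiest to see in code. The following C example is added here for illustration and is not code from the article, from Krishna or from any messaging app; the buffer size, the struct layout and the function names are assumptions. It shows the unchecked copy beside the checked one: the length check is exactly the kind of "protection layer in programming code" the article says providers must add, and the check functions demonstrate that an oversized constructed message is refused rather than allowed to write past the buffer into the field that follows it.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed example: a fixed-size buffer of the kind the article calls a
 * "buffer allocation". The size, struct layout and function names are
 * assumptions for illustration, not code from any real messaging app. */
#define MSG_BUF_SIZE 64

struct session {
    char message[MSG_BUF_SIZE]; /* temporary storage for an incoming message */
    int  is_admin;              /* a field that sits after the buffer in memory */
};

/* Defective version: the caller-supplied length is trusted, so a message
 * longer than the buffer writes past its end and into whatever follows
 * (here, is_admin). This is the overflow the article describes. */
void store_message_unchecked(struct session *s, const uint8_t *data, size_t len)
{
    memcpy(s->message, data, len); /* no comparison of len against the buffer size */
}

/* Hardened version: check the length before copying and refuse oversized
 * input instead of writing past the buffer. Returns 0 on success, -1 on reject. */
int store_message_checked(struct session *s, const uint8_t *data, size_t len)
{
    if (s == NULL || data == NULL)
        return -1;
    if (len > sizeof s->message - 1) /* leave room for the terminating NUL */
        return -1;
    memcpy(s->message, data, len);
    s->message[len] = '\0';
    return 0;
}

/* Largest payload the checked version accepts. */
size_t max_message_len(void)
{
    return MSG_BUF_SIZE - 1;
}

/* Returns 1 if a constructed oversized message is rejected and the field
 * after the buffer is untouched, else 0. */
int check_oversized_rejected(void)
{
    struct session s;
    uint8_t big[MSG_BUF_SIZE + 32]; /* constructed input: larger than the buffer */

    memset(&s, 0, sizeof s);
    memset(big, 'A', sizeof big);
    int rc = store_message_checked(&s, big, sizeof big);
    return rc == -1 && s.is_admin == 0 && s.message[0] == '\0';
}

/* Returns 1 if a short message is stored correctly, else 0. */
int check_small_accepted(void)
{
    struct session s;
    const char *hello = "hello"; /* constructed input */

    memset(&s, 0, sizeof s);
    int rc = store_message_checked(&s, (const uint8_t *)hello, strlen(hello));
    return rc == 0 && strcmp(s.message, "hello") == 0 && s.is_admin == 0;
}

/* Returns 1 if the boundary is exact: MSG_BUF_SIZE-1 bytes fit, MSG_BUF_SIZE do not. */
int check_boundary(void)
{
    struct session s;
    uint8_t fill[MSG_BUF_SIZE]; /* constructed input */

    memset(fill, 'B', sizeof fill);
    memset(&s, 0, sizeof s);
    if (store_message_checked(&s, fill, MSG_BUF_SIZE - 1) != 0)
        return 0;
    if (strlen(s.message) != MSG_BUF_SIZE - 1)
        return 0;
    memset(&s, 0, sizeof s);
    if (store_message_checked(&s, fill, MSG_BUF_SIZE) != -1)
        return 0;
    return 1;
}

int main(void)
{
    printf("oversized rejected:  %s\n", check_oversized_rejected() ? "yes" : "no");
    printf("small accepted:      %s\n", check_small_accepted() ? "yes" : "no");
    printf("boundary exact:      %s\n", check_boundary() ? "yes" : "no");
    printf("max accepted length: %zu bytes\n", max_message_len());
    return 0;
}
```

The unchecked function is kept only for contrast and is never called with oversized input, since doing so would corrupt memory. In a real code base the same discipline applies to every place input crosses into a fixed buffer: carry the buffer size alongside the pointer, compare before copying, and treat a length that does not fit as an error to be logged and rejected, not silently truncated or trusted.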
Some of the most advanced attacks witnessed recently include the buffer code attack, fileless attack, remote access code and APT attacks. In the Kudankulam nuclear power plant cyber attack, hackers used remote access code. From a hacker command and control centre, they can give instructions and make the device act as instructed. In-depth and sophisticated knowledge is required for hackers to launch such attacks, and it takes a long time to master.
Targeted users can’t do much in such attacks. The onus lies with service providers, who need greater protection layers in programming code to avert these types of attacks. Since the vulnerability lies with programme and application code, the whole responsibility lies on service providers. Unless providers have more secure code, such attacks cannot be stopped. Sooner or later, a vulnerability created by service providers can be exploited.