Building on the randomness already provided by the address-space-layout-randomization (ASLR) security mechanism, cybersecurity researchers have made it harder for attackers to corrupt the memory heap of Linux programs.
The US National Institute of Standards and Technology (NIST) maintains a catalogue of publicly disclosed software vulnerabilities, past and present. At the end of 2019 that catalogue held over 136,000 unique entries. Each entry affects specific software rather than every program in use, but taken together they show how large the pool of known weaknesses available to an attacker has become.
Of course, the vast majority of these vulnerabilities have fixes available. Some classes of weakness, however, have persisted for decades with no simple fix.
Memory corruption is the prime example. It is routinely used to exploit programs running on Linux, the most widely used open-source operating system in the world.
Linux programs are the core building blocks of millions of personal computers, Android devices, laptops, internet routers, IoT products, smart TVs and more. They also underpin web services for global banks, stock exchange platforms and major airlines. For two decades, these programs have been exposed to attacks in which a threat actor corrupts the program's memory, typically the bookkeeping data that the heap allocator keeps alongside user data, and thereby redirects the program into executing malicious code.
A recent example was revealed by Check Point Research in February this year, when they showed how a threat actor could exploit an IoT network of smart lightbulbs and their control bridge to laun
A lightbulb moment: Safe Linking
After concluding the smart lightbulb research, Check Point's researchers asked themselves whether there was a way to help the global community mitigate this widely used exploit primitive.
Seeking to put an end to this long-standing problem, they created a security mechanism that protects the heap allocator's internal structure, specifically the singly linked lists of freed chunks it keeps for reuse, from being tampered with. In this lightbulb moment they created what they named 'Safe-Linking'.
Safe-Linking makes use of the randomness inherited from a security mechanism now deployed in most modern operating systems, Address-Space-Layout-Randomization (ASLR). ASLR picks a random base address at which the program and its heap are loaded, forcing an attacker either to guess the correct memory addresses or to leak them through an additional, highly specific vulnerability.
Put simply, Safe-Linking masks each pointer that the heap stores in its free lists with bits of the randomized address at which that pointer lives. An attacker who overwrites such a pointer without knowing the heap's address can no longer steer the next allocation to a location of their choosing, which makes launching an exploit against the program much harder.
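The following is an added example, not Check Point's code and not glibc's, that shows the mechanism on a toy singly linked free list. The masking formula it uses, P' = (L >> 12) ^ P where L is the address of the slot holding the pointer, is the one Safe-Linking publishes; the four-chunk heap, the victim buffer, the poison_and_allocate function and the attacker scenario are constructed for illustration only. It models classic free-list poisoning: an attacker with a write into a freed chunk overwrites its next link so that a later allocation lands on a buffer they want to control, and the example runs that attack with the mask off, with the mask on but no address leak, and with the mask on plus a leaked heap address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Safe-Linking's published mask: the stored pointer is XORed with the address
 * of the slot that holds it, shifted right by the page-size bits (12).
 * Under ASLR, L >> 12 is unknown to an attacker who has no heap-address leak. */
#define PROTECT_PTR(pos, ptr) ((uintptr_t)(ptr) ^ ((uintptr_t)(pos) >> 12))
#define REVEAL_PTR(pos, ptr)  PROTECT_PTR(pos, ptr)   /* XOR is its own inverse */

/* Companion check that shipped with Safe-Linking in glibc: a revealed 'next'
 * pointer must be 16-byte aligned, otherwise the list has been tampered with. */
#define ALIGNED_OK(p) ((((uintptr_t)(p)) & 15) == 0)

/* As in glibc's tcache, the 'next' link lives in the first word of the freed
 * chunk's user data, which is exactly what a use-after-free write reaches. */
typedef struct chunk {
    uintptr_t next;
    char      rest[24];
} chunk_t;

typedef struct {
    uintptr_t head;     /* first free chunk; stored raw, as glibc's tcache head is */
    int       protect;  /* 1 = Safe-Linking on, 0 = classic raw pointers */
    int       aborted;  /* set when the alignment check fires (glibc would abort) */
} freelist_t;

/* Constructed toy heap and the attacker's target (both hypothetical). */
static chunk_t heap[4]    __attribute__((aligned(16)));
static char    victim[32] __attribute__((aligned(16)));

static void fl_init(freelist_t *fl, int protect)
{
    memset(fl, 0, sizeof *fl);
    memset(heap, 0, sizeof heap);
    fl->protect = protect;
    for (int i = 0; i < 4; i++) {          /* "free" every chunk: LIFO push */
        chunk_t *c = &heap[i];
        c->next = protect ? PROTECT_PTR(&c->next, fl->head) : fl->head;
        fl->head = (uintptr_t)c;
    }
}

/* Pop one chunk: this is the step that consumes a possibly corrupted link. */
static void *fl_malloc(freelist_t *fl)
{
    chunk_t *c = (chunk_t *)fl->head;
    if (!c)
        return NULL;
    uintptr_t nxt = fl->protect ? REVEAL_PTR(&c->next, c->next) : c->next;
    if (fl->protect && nxt && !ALIGNED_OK(nxt)) {
        fl->aborted = 1;   /* glibc: "malloc(): unaligned tcache chunk detected" */
        return NULL;
    }
    fl->head = nxt;
    return c;
}

/* Free-list poisoning: the attacker writes into a freed chunk and wants the
 * following allocation to land on `victim`. `has_leak` models an attacker who
 * already learned the chunk's address from a separate info-leak vulnerability.
 * Returns the address the next malloc() would hand out, or NULL if detected. */
static void *poison_and_allocate(int protect, int has_leak)
{
    freelist_t fl;
    fl_init(&fl, protect);
    chunk_t *freed = (chunk_t *)fl.head;        /* chunk reachable via the UAF */
    uintptr_t payload = (uintptr_t)victim;
    if (protect && has_leak)
        payload = PROTECT_PTR(&freed->next, victim);  /* needs L >> 12 */
    freed->next = payload;                      /* the corrupting write */
    fl_malloc(&fl);                 /* hands out `freed`; head := revealed link */
    return fl.aborted ? NULL : (void *)fl.head;
}

int main(void)
{
    printf("victim buffer at          %p\n", (void *)victim);
    printf("no Safe-Linking, no leak: next malloc -> %p\n", poison_and_allocate(0, 0));
    printf("Safe-Linking, no leak   : next malloc -> %p\n", poison_and_allocate(1, 0));
    printf("Safe-Linking, heap leak : next malloc -> %p\n", poison_and_allocate(1, 1));
    return 0;
}
```

Without the mask the corrupted link is followed as written and the next allocation returns `victim`. With the mask and no leak, the allocator reveals `victim ^ (L >> 12)`, an address the attacker never chose; its low four bits are bits 12 to 15 of the chunk's own address, so the alignment check also fires in roughly fifteen cases out of sixteen. Only an attacker who already knows the chunk's address can pre-mask the payload and land on `victim`, which is the extra leak Safe-Linking forces them to find first.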
According to the researchers, this mitigation would have blocked several major exploits they have investigated over the years, turning 'broken' software products into 'unexploitable' ones. In the case of their smart lightbulb research, it would have blocked the exploit and the attack built on it.
The researchers' Safe-Linking approach was proposed to, and accepted into, the core libraries of the Linux operating system, including the GNU C Library (glibc) whose memory allocator serves almost every Linux application, website backend and device in use today.
Not a cure-all for careless security
Safe-Linking is not a magic bullet that will stop all exploit attempts against modern heap implementations. It is, however, another step in the right direction: by forcing attackers to obtain a memory-leak vulnerability before they can even begin a heap exploit, Safe-Linking raises the security bar and makes exploitation harder to carry out. This in turn should help to better protect users globally.
For more information, and a technical deep-dive into Safe-Linking, read all about it on Check Point’s research blog.