backtop


Print


Vincenzo Iozzo  (Source: Black Hat DC)
Claims he can overwrite other programs’ code in memory without leaving a trace

Vincenzo Iozzo, a student security researcher at Politchnico di Milano University in Italy, unveiled a startling new attack against Mac OS X computers that allows hackers to inject malicious code into another program’s memory space – and then vanishes as soon as the computer is switched off.

Speaking at the Black Hat DC cybersecurity conference in Washington, DC, Iozzo said his technique relies on injecting arbitrary code into a program’s executable memory while it is running, guided by the memory locations described in the actual program binary, which is stored in a file format called Mach-O. The injected code runs when the code it originally overwrote is called upon by its host.

Attacks of this kind are nothing new, however, and the secret behind Iozzo’s memory injection attack is that it runs completely from RAM, leaving no trace on the host machine’s hard drive; other techniques have generally required, at least minimally, some form of temporary storage.

The main weakness of his attack is that it relies on an unspecified means of executing arbitrary code on the computer in the first place: according to Iozzo’s presentation (PDF), an attacker must have knowledge of remote code execution “in his pocket” in order to convince his mark’s computer run a bootstrapper that initiates the attack.

While it is unclear as to whether or not Iozzo’s technique allows hackers to tamper with code running at System-level privileges – Iozzo describes the attack as limited to “userland”, or regular desktop applications – it does allow an attacker to modify a program like Safari to do something malicious like monitoring passwords and keystrokes.

Iozzo’s technique most closely resembles Firewire-port memory injection attacks that previously felled Windows, Mac OS X, and Linux: both make use of some transient medium to arbitrarily inject code into the program section of a computer’s memory, which is normally heavily protected from attack. Once the malicious code is in, an attacker can make a computer do pretty much the OS would allow the original host program to do – all without setting off security software.





"We don't know how to make a $500 computer that's not a piece of junk." -- Apple CEO Steve Jobs
Related Articles







Latest Blog Posts
What else to worry about?
Saimin Nidarson - Mar 17, 2017, 6:45 AM
Todays’ Life
Saimin Nidarson - Mar 14, 2017, 7:30 AM
News and Tips
Saimin Nidarson - Mar 13, 2017, 6:30 AM
Some News
Saimin Nidarson - Mar 8, 2017, 7:09 AM
News
Saimin Nidarson - Mar 7, 2017, 8:45 AM
World news 3-6
Saimin Nidarson - Mar 6, 2017, 5:40 AM
Mixed News
Saimin Nidarson - Mar 4, 2017, 7:40 AM
Mixed News of the Day
Saimin Nidarson - Mar 4, 2017, 6:32 AM
Mixed News of The World:
Saimin Nidarson - Mar 2, 2017, 7:02 AM
World New 3-1
Saimin Nidarson - Mar 1, 2017, 6:30 AM
Gaming News of The Day
Saimin Nidarson - Feb 28, 2017, 6:56 AM






botimage
Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki