New DoS attack exploits algorithms to knock sites offline

The attack sends junk data to algorithms for processing.

Distributed Denial of Service (DDoS) attacks have caused their share of online chaos in the past, from being used to target messaging service Telegram during the Hong Kong unrest to crippling emergency communication systems in the US. Now, researchers have described a new vulnerability which could affect sites all over the internet.

The exploit was detailed at the Black Hat cybersecurity conference in Las Vegas by Nathan Hauke and David Renardy of security company Two Six Labs, as reported by Wired.

Rather than a traditional DDoS attack which overwhelms a server by sending thousands of junk traffic requests to it from hundreds of different computers until it fails, the new attack uses a related technique called Denial of Service (DoS). The DoS attack can originate from just one machine and targets the algorithms used by many sites for data processing.

The researchers found a common vulnerability across three sets of software, in which they could throw large amounts of data at algorithms which then try to process the data and crash out. This worked for PDF software, where uploading a single large PDF file could crash a whole website; for virtual networking computers (VNCs), which could be filled with junk data until the servers crashed; and for password strength indicating software developed by Dropbox, which could be stalled when a user entered thousand-character passwords.

In each case, the attacks take advantage of the large amount of processing done by algorithms. If these algorithms are fed enough junk data, they can gum up a website and cause server outages.
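The password-meter case above, as an added example (not code from the researchers, Dropbox or ACsploit): a simplified stand-in strength check whose lookup count grows quadratically with input length, beside a guarded entry point that caps the length before any scoring runs. The dictionary, the function names and the 64-character cap are assumptions made for illustration.

```javascript
// Constructed sample dictionary; a real meter would load a far larger word list.
const DICTIONARY = new Set(["password", "dragon", "letmein", "qwerty"]);

// Hypothetical stand-in for a strength meter's dictionary matcher.
// It tests every substring of the input, so an n-character input costs
// n * (n + 1) / 2 lookups: quadratic growth in the input length.
function scanSubstrings(password) {
  const lower = password.toLowerCase();
  const matches = [];
  let lookups = 0;
  for (let i = 0; i < lower.length; i++) {
    for (let j = i + 1; j <= lower.length; j++) {
      lookups++;
      if (DICTIONARY.has(lower.slice(i, j))) matches.push([i, j]);
    }
  }
  return { matches, lookups };
}

// Assumed cap: long enough for passphrases, short enough to bound the work.
const MAX_SCORED_LENGTH = 64;

// Guarded entry point: the expensive scan only ever sees a bounded prefix,
// so the worst case is fixed no matter how much data the caller submits.
function scorePassword(password, maxLen = MAX_SCORED_LENGTH) {
  if (typeof password !== "string") {
    throw new TypeError("password must be a string");
  }
  const truncated = password.length > maxLen;
  const { matches, lookups } = scanSubstrings(password.slice(0, maxLen));
  return { weak: matches.length > 0, truncated, lookups };
}

// Compare the work done on a thousand-character input with and without the cap.
function compareWork(length) {
  const input = "a".repeat(length);
  return {
    unguarded: scanSubstrings(input).lookups,
    guarded: scorePassword(input).lookups,
  };
}

console.log(compareWork(1000));
```

The same bound belongs on the server side of any form that feeds user input to a super-linear routine, since a client-side cap alone can be bypassed.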

The researchers say they want to make developers aware of this vulnerability, and they have created a tool called ACsploit which developers can use to generate the "worst-case inputs for algorithms" and test against them.
