Latest in Tomorrow

Image credit: NicoElNino via Getty Images

New DoS attack exploits algorithms to knock sites offline

The attack sends junk data to algorithms for processing.
307 Shares
Share
Tweet
Share
Save

Sponsored Links

NicoElNino via Getty Images

Distributed Denial of Service (DDoS) attacks have caused their share of online chaos in the past, from being used to target messaging service Telegram during the Hong Kong unrest to crippling emergency communication systems in the US. Now, researchers have described a new vulnerability which could affect sites all over the internet.

The exploit was detailed at the Black Hat cybersecurity conference in Las Vegas by Nathan Hauke and David Renardy security company Two Six Labs, as reported by Wired.

Rather than a traditional DDoS attack which overwhelms a server by sending thousands of junk traffic requests to it from hundreds of different computers until it fails, the new attack uses a related technique called Denial of Service (DoS). The DoS attack can originate from just one machine and targets the algorithms used by many sites for data processing.

The researchers found a common vulnerability across three sets of software, in which they could throw large amounts of data at algorithms which then try to process the data and crash out. This worked for PDF software, by uploading a single large PDF file which could crash a whole website, for virtual networking computers (VNCs) which could be filled with junk data until the servers crashed and for password strength indicating software developed by Dropbox which could be stalled when a user entered thousand-character passwords.

In each case, the attacks take advantage of the large amount of processing done by algorithms. If these algorithms are fed enough junk data, they can gum up a website and cause server outages.

The researchers say they want to bring awareness of this vulnerability to developers' attention, and they have created a tool called ACsploit which developers can use to generate the "worst-case inputs for algorithms" and test against them.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
307 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
YouTube is removing its direct messaging feature in September

YouTube is removing its direct messaging feature in September

View
Walmart sues Tesla after solar panels catch fire at stores

Walmart sues Tesla after solar panels catch fire at stores

View
Nikon updates its SnapBridge app for faster image transfers

Nikon updates its SnapBridge app for faster image transfers

View
A fourth 'Matrix' movie is happening

A fourth 'Matrix' movie is happening

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr