Encapsulation Vulnerabilities

What is Encapsulation? 

All devices which possess the ability to communicate with one another via a data transfer are at risk of having their encapsulation vulnerabilities preyed upon. 

In order for a device to communicate with another, the data between them must be transferred via a series of instructions known as protocols. These protocols relate to the applications being used, the routing of network information to another destination and also the physical medium in which the data transfers. All of these protocols are modelled into stacks by a process named encapsulation.  

The OSI Model (Open System Interconnection Model) 

• When sending an email, for instance, the data is encapsulated and this can be represented by the OSI Model. 
• This model breaks down the encapsulation of data into parts – layers and stacks. In order for the email to be sent, the application data within it as well as the protocols relating to network and physical mediums form different layers. For example, the network layer and the physical layer. 
• This group of layers forms a stack. 
• This process is used to structure the protocols as well as keeping them confidential to third parties 

What is an encapsulation vulnerability? 

In the context of cybersecurity, within each layer, there are protocols with potential vulnerabilities that can be exploited. Hackers can prey on outdated protocols and perform denial of service attacks or access and steal confidential information.  

Application Layer Vulnerabilities 

The application layer is a big source of vulnerability as this pertains to the code and execution of instructions translating user interface app level inputs into data that can communicate with a server. Poor network administration or poor software development can create new vulnerabilities for attacks at this layer. 

Network Layer Vulnerabilities 

The network layer encompasses information that relates to the routing to new locations on the Internet. New destinations for data or IP addresses are set in place by Internet Protocol, part of the network layer. Once again, hackers can exploit vulnerabilities within these protocols if they are not routinely scanned.   

How does an attack work? 

The type of attack depends on the type of vulnerability being exploited. Here are just a few examples of how an Encapsulation vulnerability can be exploited, as stated in "Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors". 

• Comparing Classes by Name.  

Comparing classes by name can lead a program to treat two classes as the same when they actually differ.  

• Data Leaking Between Users.  

Data can "bleed" from one session to another through member variables of singleton objects, such as Servlets, and objects from a shared pool.  

• Leftover Debug Code. 

Debug code can create unintended entry points in an application.  

• Mobile Code: Object Hijack.  

Attackers can use Cloneable objects to create new instances of an object without calling its constructor.  

• Mobile Code: Use of Inner Class.  

Inner classes are translated into classes that are accessible at package scope and may expose code that the programmer intended to keep private to attackers.  

• Mobile Code: Non-Final Public Field. 

Non-final public variables can be manipulated by an attacker to inject malicious values.  

• Private Array-Typed Field Returned from a Public Method.  

The contents of a private array may be altered unexpectedly through a reference returned from a public method. 

• Public Data Assigned to Private Array-Typed Field.  

Assigning public data to a private array is equivalent giving public access to the array.  

• System Information Leak.  

Revealing system data or debugging information helps an adversary learn about the system and form an attack plan. 

• Trust Boundary Violation.  

Commingling trusted and untrusted data in the same data structure encourages programmers to mistakenly trust unvalidated data. 

There are several ways an attack can be damaging to any organization: 

• Denial of Service 

An Encapsulation attack can be severe, and can cause prolonged periods of denial of service. The hackers can crash a website or service temporarily, or even take control of the service and hold it hostage creating a ransom situation.   

• Corruption of code/application 

Once access to sensitive application layer data is granted to a hacker, this can be very destructive. The hacker can leak the data, corrupt it, or even modify the way the application functions. 

• Breaches of Confidentiality 

If a vulnerability is exploited, the data accessed can pose a serious threat to the establishment’s integrity, with customer’s data or company data being leaked. This can be extremely damaging not only financially but may also affect an organization’s credibility and reputation. 

How can you stay protected from Encapsulation attacks? 

Firstly, up to date backups of code and data are fundamental when dealing with potential application-level code modification and ransomware attacks. If the organisation has the latest version of all data backed up and routinely secured, they cannot be held ransom for it as they will still have a copy. Similarly, code that might be corrupted or altered does not have to be re-written or fixed, it can just be backed up to the newest working version. 

If a breach of vulnerability is discovered, the stack or protocol and that data package it holds must be shut down whilst a hacker’s access is revoked. Again, a recent back up of all data allows for a more efficient response should an attack take place as the data can be reuploaded once the database is secured. 

Finally, routine scanning of the organization’s web application can identify attempted encapsulation attacks before they properly manifest in a hacker taking advantage of application layer vulnerabilities. 

Securiwiser can help your business stay safe in the cyber world via its daily monitoring of cyber threats, including those raised in this article. Start your free trial today by clicking here.