Wednesday, February 20, 2008

Self-propagating Packets in Harvard Sensor Networks

Qijun Gu and Rizwan Noorani at the CS Department of Texas State University at San Marcos have developed a ``mal-packet,'' which rebroadcasts itself upon reception by a Mica2. This is interesting because the mal-packets target a Harvard architecture machine, which has separate memories for code and data. As they are unable to execute the packet in data memory as code,they instead set up the stack to call a library function for rebroadcasting, similarly to how a return-to-libc attack would operate in Unix. Consult their WiSec '08 submission for more details.

Such an attack is important because it shows that the MSP430, which I crafted an overflow for in this article, is not the only sensor platform that's vulnerable to attack. It's not necessary for a node to be able to execute arbitrary code to cause a packet retransmission, being able to call existing code with arbitrary parameters is sufficient.

1 comment:

J. said...

nice post, this is interesting research. I look forward to the follow-ups.