How Hackers Exploit Real-Time Application Vulnerabilities

Jun 17, 2021By Subspace Team

TL;DR

While humans remain the biggest vulnerability, hackers are learning to exploit IoT devices and real-time streams to gain entry into systems.

Estimated read time: 6 minutes


Over the last year, we saw a stark increase in hacking activity. Some reports showed an increase of as much as 400%—or more than 4000 attacks per day. The rise in working from home and departure from secured company networks is undoubtedly a factor, but our increased use of real-time applications and their need for low latency solutions may create vulnerabilities as well. So what are the critical exploits we need to know about, and how can we protect against them?

The Human Problem

The most common and successful exploits take advantage of humans as much as, and often more than, technology. Social engineering and phishing attacks are two of hackers’ favourite types. While the pandemic made working from home the safest option in many ways, the infrastructure to support remote work was, in many instances, quickly erected and not necessarily as secure as it should have been. “The rush to deploy new digital technologies often comes without the right security measures in place,” according to a report by IDC.

The rise in remote work provided an increase in vulnerabilities (read: opportunities) for hackers. In addition to the speed with which many companies adopted work-from-home strategies, the pandemic gave hackers another tool to work with: fear. According to the 2020 Threat Hunting Report from Crowdstrike, “The pandemic created opportunities for adversaries to exploit public fear through the use of COVID-19-themed social engineering strategies.”

The Crowdstrike report exemplifies the problem with the story of an agriculture company that fell victim to a phishing attack. The lure, a weaponized Word document, was delivered disguised as a job opportunity from a recruiter to an unsuspecting user. The adversary didn’t just send an email out of the blue, either. Instead, they used various social media channels and applications to communicate with the user before delivering the weaponized document.

Such phishing attacks could gain a stronger foothold with more workers operating outside corporate walls, which often means lax security. Ultimately, humans remain the most significant vulnerability in the enterprise.

Another form of attack that is on the rise is RDP, or remote desktop protocol, attacks, which rose by about 768% in 2020 between Q1 and Q4. The increase isn’t shocking given the rise in the number of people working from home. Experts estimate that about five million RDP servers are exposed on the internet, compared to about two million pre-pandemic.

Solutions to Lessen the Human Problem

There are ways to make the human problem less pervasive. One of the most essential steps for the enterprise to take involves passwords. Requiring strong, unique passwords is a solid first step in protecting your data.

Multifactor authentication is also an essential rung on the security ladder. Criminals can rent botnets designed to guess common default usernames and passwords. The botnets then take over the devices and launch distributed denial of service (DDoS) attacks. Strong, unique passwords and two-factor authentication protect against these types of attacks, even without any other security measures.

In the case of the phishing attack at the agriculture company, web filtering combined with employee training may have prevented the hackers from gaining control. By restricting access to specific sites, such as social media sites, the organization can reduce the number of opportunities hackers exploit. It’s essential to provide regular training in identifying increasingly sophisticated social engineering attacks, as well as copious reminders to be on guard.

To protect against RDP attacks, the enterprise needs to make sure that ports are not exposed. Weak passwords, again, are a huge problem. In addition to ensuring that passwords are strong, unique, and require multi-factor authentication, check that only users who need remote access have it. RDP connections should otherwise be disabled.

Hackers Also Use Sneakier Means of Attack

Along with social engineering, phishing, and RDP attacks, there’s been an increase in “living off the land attacks.” Such attacks use what already exists on the system. Hackers use legitimate tools that have been properly installed to hide malicious activity.

Piggy-backing off standard tools with wide adoption gives hackers more cover; they are much harder to detect. An example from the Threat Hunter report involves a healthcare organization. The hackers exploited an Apache web server process, and they used a tool that masqueraded as a legitimate Windows system process to execute the attack.

The public internet and public wifi are excellent inroads for adversaries to exploit piggy-back attacks. Security protocols must be in place along the data path.

Real-Time Requires Particular Security

Real-time applications often don’t have firewalls because they introduce latency; however, the lack of firewall protection makes them easier to attack.

Proprietary voice over IP (VoIP) and video systems are among the most vulnerable, especially those that aren’t built off WebRTC. Session initiation protocol (SIP) traffic is plain text and makes voice traffic vulnerable to numerous types of attacks.

A lack of standardization and often of resources is part of the reason real-time applications are more vulnerable to attack. SIP traffic should be encrypted to protect users, but there’s no standard for encryption.

Many proprietary VoIP systems don’t use real-time transport protocol (RTP), which leaves a vulnerability that can be exploited. RTP is used for real-time transmission and uses numbering, timestamping, and delivery monitoring to help secure VoIP traffic. However, quality-of-service isn’t guaranteed for real-time, so some developers don’t use it.

WebRTC: Better, But Still Vulnerable

While WebRTC is the most secure voice and video technology available, it still has some vulnerabilities, and there are some common pitfalls that the enterprise must avoid.

One of the challenges is that it was designed for peer-to-peer communication between browsers and mobile applications. It doesn’t always work perfectly across different networks. One way around that problem is the use of a traversal using a relay NAT (TURN) server. TURN servers can increase latency, and they increase the cost.

WebRTC also only just received standardization, so adoption and implementation may take some time.

WebRTC is designed with security as a foremost concern, and it’s designed to work inside browsers, an environment prone to hacking and malware. Because there are so many adversaries looking to attack through browsers, security is important.

Since it works inside browsers, WebRTC has the advantage of its focus on security, which makes it the most secure option available for real-time applications. Still, browsers’ security depends to some degree on humans taking the necessary precautions, and as we’ve already discussed, human error is a serious problem in security!

The Internet of Things Is Not Always (or Usually) Secure

Both hackers and security experts are talking about the weaknesses of the Internet of Things (IoT). Newer IoT infrastructure and legacy systems alike weren’t designed for today’s security problems. In fact, there’s evidence that the IoT security situation is getting worse rather than better.

As the pandemic underscored, digital strategy and data are the keys to business resilience. Yet, just as the rush to work from home brought about security issues, so can the rush to deploy other digital technologies. Taking the time to secure infrastructure and patch gaps in existing systems is necessary.

Just as with the other security issues discussed in this post, securing the IoT requires basic measures like strong, unique passwords, performing updates and patches regularly, and securing interfaces. Another crucial element of security for IoT systems is device management.

A study of the Internet of Medical Things (IoMT) in 2020 found more than five million unmanaged devices! In many cases, IoT devices were connected and deployed without IT’s knowledge. Devices included Amazon Alexas and Echos, and even a Tesla and Peloton. Facebook and YouTube applications were found running on MRI and CT machines. These unmanaged devices present enormous security risks and increase the likelihood of a ransomware or malware attack exponentially.

Network Security

Ultimately, the networks themselves need to help protect users. Before the WebRTC protocol, security wasn’t a top consideration. Given the many changes in technology and how we use it, not to mention the proliferation of bad actors, security must be a paramount concern at this point. Real-time applications need router and firewall security protections comparable to SBCs, for example, to help defend against hacking.

Networks have the opportunity to proxy and defend. Choosing the right network is key. Subspace is an IP-level proxy acceleration network. Built natively for real-time, we accelerate and secure your application traffic with inline DDoS protection and packet protection. Whether you connect with PacketAccelerator, SIPteleport, GlobalTURN, or RTPspeed, we keep you moving quickly and securely.

Want to start building on Subspace today? Sign up here.


Related Articles