You’re no doubt well aware that security holes or vulnerabilities in your software can lead to your computer or network getting hacked – or in other words, malicious third parties taking control of your system, installing malware and stealing your information.
But how exactly do hackers exploit security holes?
In this post we look at how malicious hackers hack, what a security hole really is and what you can do to prevent attacks.
All software has weaknesses
Computer systems are really complex, and no software is perfect. That means all software has bugs and flaws that can be exploited by hackers.
When we read in the news about a new security hole that’s been exploited by hackers, it’s often a Microsoft program at the heart of the story. Internet Explorer and Windows have been subject to countless attacks in the past decade.
But Microsoft programs aren’t necessarily more vulnerable than others – it’s more that really popular programs are more attractive to hackers. The more widely used a program is, the more systems and data hackers can exploit. All software can be exploited and attacked.
‘Hacking’ means finding those weaknesses
The traditional definition of a hacker describes someone who explores a computer system and finds its weaknesses.
A well-intentioned hacker might then write a patch that fixes the problem, and share it with the software developer. A malicious hacker will use it for personal gain or amusement.
From weakness to vulnerability
So when do weaknesses, which are present in all software, become security holes that you need to deal with?
A popular definition of ‘security vulnerability’ describes it as “the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.”
Once a malicious hacker has found a weakness or susceptibility, he or she will create exploit code to take advantage of it. Now the hacker has the “capability to exploit the flaw” – and all they need to do is access it on your network.
Hackers attack vulnerable services, not ports
When talking about how hackers access your network to exploit security holes, we often talk about “open ports.” The advice is to close every port that isn’t being used, so that hackers can’t access your network.
It’s good advice, but it can also lead to confusion about what hackers actually do. Hackers can’t just attack any open port. And an open port is not a security hole in itself. Only a connected service with a security hole, running on an open port, can be attacked by a hacker.
Hackers will identify you as a target by probing your IP address on the port number of the service they want to attack. If you’re running the vulnerable service, and its port is open, it will answer – and the hacker can launch an attack.
Lots of services means lots of weaknesses
So if ports themselves aren’t vulnerable, why close them? It’s because modern operating systems and web browsers run lots of connected services in the background. They’re all assigned to a specific port number, and they all have weaknesses that could be subject to a zero-day attack at any time.
It’s difficult and time consuming to stop all the services you don’t need, so it’s easiest just to close all the ports you’re not using.
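Before you can decide which ports to close, you need to know which services are actually listening and which of them are reachable from the network. The following is an added example, not code from the original post: it parses a constructed sample of `ss -tlnp` output (the Linux socket listing; the hostnames, process names and PIDs are made up) and flags every network-reachable listener that is not on an expected-ports list, treating loopback-only listeners as lower risk because they are not reachable from other hosts.

```python
import re
from dataclasses import dataclass

# Constructed sample of `ss -tlnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=640,fd=7))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1022,fd=6))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
LISTEN  0       50      0.0.0.0:445          0.0.0.0:*          users:(("smbd",pid=905,fd=33))
"""

# Ports this host is meant to expose (assumed policy); anything else is attack surface.
EXPECTED_PORTS = {22, 80}


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str

    @property
    def loopback_only(self) -> bool:
        # Bound to loopback: reachable from this host only, so not a network target.
        return self.address == "[::1]" or self.address.startswith("127.")


def parse_ss(output: str) -> list[Listener]:
    """Turn `ss -tlnp` lines into Listener records, skipping the header row."""
    listeners = []
    for line in output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        address, port = fields[3].rsplit(":", 1)        # "[::]:22" -> ("[::]", "22")
        m = re.search(r'\(\("([^"]+)"', line)            # process name from users:(("name",...))
        listeners.append(Listener(address, int(port), m.group(1) if m else "?"))
    return listeners


def unexpected_listeners(output: str, expected: set[int]) -> list[Listener]:
    """Network-reachable services that are not on the expected-ports list."""
    return [l for l in parse_ss(output) if not l.loopback_only and l.port not in expected]


if __name__ == "__main__":
    for l in unexpected_listeners(SAMPLE_SS_OUTPUT, EXPECTED_PORTS):
        print(f"port {l.port}/tcp exposed on {l.address} by {l.process}: stop it or block it")
```

Each flagged entry is a service to either stop or block at the firewall; anything left listening only on 127.0.0.1 is not reachable from the network even if it has a flaw.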
Zero-day attack? What’s that?
Sorry, just slipped that one in there. A zero-day attack is one that exploits a previously unknown vulnerability in a connected service. This means that at the time of the first attack, the software developer has had “zero days” to fix and patch it.
During the period between a zero-day attack and the moment you install a security patch, the service – and your computer or network – is vulnerable to hackers. (That is, unless you closed the port used by that service!)
A summary of how hackers attack, and some advice
Let’s recap for a moment. So far, we know:
- Hackers find the weaknesses that exist in all software, and create exploit code to take advantage of them
- Hackers can only attack vulnerable software that is listening on an open port
- Modern operating systems and browsers run lots of these services, and new vulnerabilities are being discovered by hackers all the time
- You are open to attack from the moment a vulnerability is discovered to the moment you apply a security patch
There are three important lessons to learn from this.
Use your firewall to close every port you don’t need – Vulnerable services could be listening on open ports and leaving you subject to attack. Even a zero-day attack can’t affect you if the port it uses is closed.
Keep your software up to date – Once a vulnerability is discovered in your software, developers will usually release a patch shortly afterwards. Don’t ignore it – close security holes as soon as you can.
Replace software that the developer has stopped supporting – The life of every program and OS comes to an end at some point, when the developer stops supporting it with security fixes. A great example is Windows XP, which still has many vulnerabilities and is still used by millions of people, but is no longer being updated.