Java VM Heap Snooping

  1. #1
    Member
    Join Date
    Mar 2002
    Posts
    50

    Question Java VM Heap Snooping

    Hello Everyone,

    I was wondering, is it possible for a malicious user to snoop on the Java Virtual Machine's heap and get back data that can make any sense?

    And if that is possible, what are the best practices to avoid such attacks?

    Thank you.
    Confusion, will be my epitaph...
    King Crimson - Epitaph

  2. #2
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    I doubt there is much of a chance of that in the JVM itself, however it is possible and common for Java to load support libraries and .DLLs. Once these are loaded the functions are available directly from Java, and they may present an attacker with access to calls that can then be exploited. The best practice to avoid this is to try and avoid using components which are written with weakly typed languages (C, C++) or do a little research into the code/component to see if it has been written with security in mind.


    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    No Java code is allowed to access any memory directly, including the heap. This is because Java doesn't (directly) have pointers, so there is no method by which memory can be accessed.

    Of course a native library can do anything - including things much more serious than leeching the Java heap. Why bother looking at the Java heap when it can simply install a keylogger?

    However, untrusted code (including that in unsigned applets) is not allowed to load native libraries.

    So I'd have to say, no, there is no value in trying to snoop the Java heap, it is not possible without extra permissions, and with extra permissions there is no point as there are easier ways to obtain unauthorised info.

    Slarty

  4. #4
    Member
    Join Date
    Mar 2002
    Posts
    50
    First of all, I thank you very much for your replies...

    But what if the applet or application collects information from the user using the mouse (in such case a key-logger is useless)?

    I know that Java code cannot access the heap directly, but what if an application written using another language perhaps C++ managed to access the heap, will the attacker find useful information?

    And by the way, what are the chances of such attacks?
    Confusion, will be my epitaph...
    King Crimson - Epitaph

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Originally posted here by crimson_fate
    But what if the applet or application collects information from the user using the mouse (in such case a key-logger is useless)?
    Applets are only allowed to collect keyboard/mouse input from inside their own windows.

    If an Applet creates a new window, it contains the text "Warning: Applet window" or something like that. This is an attempt to prevent the Applet from using "social engineering" to obtain the password from the user by stealth. Most users are probably too stupid to know about this though.

    I know that Java code cannot access the heap directly, but what if an application written using another language perhaps C++ managed to access the heap, will the attacker find useful information?
    The C++ application would have to be running locally on the victim's machine, so there would be no reason to snoop the Java heap as the attacker would already have full access. You *could* snoop the Java heap, but the chances are it would just be full of junk.

    The C++ app could just install a keylogger instead and it would be far more effective at getting privileged info (not to mention sending all of the user's files to the attacker by email).

    Slarty

  6. #6
    Member
    Join Date
    Mar 2002
    Posts
    50
    Thank you very much, slarty, I really appreciate your help...
    Confusion, will be my epitaph...
    King Crimson - Epitaph
