A Bad IDEa: Weaponizing uncontrolled online-IDEs in availability attacks | IEEE Conference Publication | IEEE Xplore

Abstract:

Botnets are an ongoing threat to the cyber world and can be utilized to carry out DDoS attacks of high magnitude. From the botmaster's perspective, there is a constant need for deploying more effective botnets and discovering new ways to bolster their bot ranks. Integrated Development Environments (IDEs) have been essential for software developers to write and compile source code. The increasing need for remote work and collaborative workspaces has led to the IDE-as-a-service paradigm that offers online code editing and compilation with multiple language support. In this paper, we show that a multitude of online IDEs do not run control checks on the user code and can therefore be leveraged by a botnet. We examine the concept of uncontrolled execution environments and present a proof of concept to show how uncontrolled online-IDEs can be weaponized to perform large-scale attacks by a botnet. Overall, we detect a total of 719 online-IDEs with uncontrolled execution environments and limited sandboxing. Lastly, as ethical disclosure, we inform the IDE developers and service providers of the vulnerabilities and propose countermeasures.
Date of Conference: 06-10 June 2022
Date Added to IEEE Xplore: 27 June 2022
Conference Location: Genoa, Italy
