Cybersecurity: Malformed Packet Attacks & Defenses

What it’s about

Devices on networks often communicate with software designed to send and receive messages that are encapsulated in packets.  Packets typically contain information like the addresses of the sender and receiver and one or more messages.  Examples include browser-server communication as well as phone-app-to-server communication. In such systems, sender and receiver software are designed to exchange packets in a compatible, expected format. But what happens when a packet is sent that is not in the correct format?

If new software or technologies are deployed that are not hardened against malformed packets, cyberattacks can end up exploiting their vulnerabilities.  These kind of attacks can cause a device or server to stop working. A malformed packet attack can even serve as a step toward gaining access to a network and its protected resources.   

In this activity, you will use a pair of micro:bit modules communicating on a radio network to explore the kind of problems malformed packet attacks can cause.  You will also learn how to update your scripts to prevent these kinds of attacks from interfering with your applications.

Before you start

You will need:

  • At least two micro:bit modules with their USB cables for these two activities:
    • Malformed Packets & the Countdown Timer
    • Malformed Packets and Sharing Something
  • A micro:bit and a fully built and tested cyber:bot robot with their respective USB cables for the third activity:
    • Malformed Packets and Keyboard cyber:bot Control

Complete these tutorials first:

After You Finish

You will be able to:

  • Understand how online applications can be vulnerable to malformed packet attacks.
  • Incorporate exception handling into applications to harden them against malformed packet attacks.
  • Combine encryption and exception handling in an application to harden it against both sniffing and malformed packet attacks.

Preventing fellow students from successfully mounting a malformed packet attack on one of your micro:bit apps might be a key ingredient in winning a networked robot race.  If you end up writing other software apps, the habit of testing for exceptions and incorporating exception handling into your apps can also help keep those apps safe from attackers.