IoT System Cyber Attack

02- Build Pickle Bomb

Prepared by Ahmed Galal

Under supervision of Prof.samy Ghoniemy
 IOT
Cyberattack
path
 A Pickle Bomb is a type of deserialization attack that exploits the
Python pickle module. The pickle module allows Python
objects to be serialized (converted to a byte stream) and
deserialized (converted back to Python objects). However,
it can also lead to severe security vulnerabilities when
deserializing untrusted data.

Pickle
What is a Pickle Bomb?
A Pickle Bomb is a specially crafted malicious serialized Python
object, created using the pickle module. When deserialized, it
Bomb can execute arbitrary code, leading to unintended
behavior such as remote code execution (RCE) or denial of
service (DoS).
This attack is particularly dangerous because the pickle module
does not impose any restrictions on the types of Python
objects it can deserialize. Malicious actors can craft a
payload that, when deserialized, triggers the execution of
arbitrary Python code, potentially compromising the
application, server, or system.
 Deserialization is the process of converting data from a format that can be easily stored or transmitted (like JSON, XML,
or binary formats) back into an object or data structure that an application can work with. This process is common in
many systems, especially those that interact with external services, databases, or APIs.

However, when deserialization occurs with untrusted or malicious data, it can create significant security vulnerabilities.
Malicious actors may craft data that, when deserialized, causes unexpected behavior in the application, potentially
leading to serious exploits. The vulnerabilities that arise from deserialization issues can include:

Types of Deserialization Attacks

1. Arbitrary Code Execution:

• When an application deserializes data, the deserialization process may invoke methods or classes from the
serialized data. If the attacker manipulates the data to include payloads that trigger unsafe code execution
(like invoking certain functions or executing system commands), the attacker can take control of the system.
This can lead to full remote code execution on the affected server.

Deserializa 2. Denial of Service (DoS):

• Malicious data can also be crafted to cause resource exhaustion during deserialization. For example, the

tion and
deserialized data could be crafted to create very deep or complex object graphs, causing the application to
run out of memory or crash. This results in a DoS condition.

3. Data Corruption:

Its Risks • If deserialization involves updating or interacting with a database, corrupted data might lead to integrity
issues or even loss of data. An attacker could manipulate serialized data to force the application to write
erroneous or harmful data to the database.

4. Privilege Escalation:
• Attackers might modify serialized data to impersonate a legitimate user, potentially gaining access to higher-
level privileges within an application or system. This could lead to unauthorized access to sensitive data or
operations.

Why Deserialization Vulnerabilities Happen

• Trusting Input Data: Many applications make the mistake of assuming that the incoming serialized data is valid or
comes from a trusted source. However, when untrusted input is deserialized without proper validation or
sanitization, it creates a window for attackers to exploit.

• Lack of Input Validation: Insufficient checks on the data being deserialized may allow malicious actors to craft
inputs that bypass normal validation mechanisms.

• Insecure Libraries: Some serialization/deserialization libraries may have inherent flaws or weaknesses that
attackers can exploit. Additionally, applications may use outdated or vulnerable libraries for deserialization.
 A Pickle Bomb typically works by including a specially
crafted payload within the serialized data that, when
deserialized, runs harmful code. For instance:

How Does 1.Malicious Code Execution: The attacker creates a

a Pickle serialized object that, when deserialized, causes an
arbitrary Python function (such as
Bomb os.system('command')) to execute. This allows
attackers to execute system commands or
Work? interact with the underlying server.
2.Infinite Loops or Resource Exhaustion: The
attacker could also craft a serialized object that
triggers an infinite loop or creates an extremely large
object graph that exhausts system resources (e.g.,
CPU, memory), resulting in a denial of service.
 1.Arbitrary Code Execution: Since pickle can execute
arbitrary code when deserializing objects, attackers
can exploit this vulnerability to run malicious code
on the server. This can lead to remote code
execution (RCE), allowing attackers to take control
of the system.
Why Are 2.Untrusted Deserialization: If an application deserializes
untrusted data using pickle, it opens up a major
Pickle security hole. A common example is a web
application that accepts serialized data from users,
Bombs which is then deserialized by the server. If the
Dangerous? server doesn't properly validate or sanitize the data,
a malicious actor could submit a Pickle Bomb.
3.Denial of Service (DoS): Malicious objects could also
cause the server to crash or consume excessive resources
(e.g., creating large recursive objects or infinite loops),
leading to a denial of
How Build Pickle bomb
1-set up my environment through Virtual Studio and install Python plugins.
2-create Pickle bomb script
 How Build Pickle bomb
3-Run the Pickle Bomb Builder Script
Build a command bomb

n the pickle bomb builder with the -f flag

Build a code bomb

st the pickle bomb

ate a script to deserialize the pickle bomb then Run
 • 1-pickle: Core library used to serialize (pickle) and
deserialize (unpickle) objects. The primary tool for creating
Pickle Bombs.

• 2- os: Allows system-level interaction, such as executing

commands that can harm the system or establish reverse
shells.

• 3-subprocess: Provides more control and flexibility than

os.system(), commonly used for running system commands
Used and reverse shells.

• 4-socket: Provides networking functionality, used to create

Libraries reverse shells or other communication channels.

• 5- Custom Classes with __reduce__: Allows attackers to

define how their malicious objects should behave during
deserialization, enabling code execution.

• 6- pickle-tools (Optional): Used to dissect and analyze

pickled objects, helping attackers refine their payloads.

• 7- base64 (Optional): Encodes pickled objects into a text-

friendly format for transmission over text-based
communication channels.
 4 Functions used
- pickle.dumps()
Purpose: Serializes a Python object into a byte stream (pickled format). This is the primary function to convert an object into a pickled payload.
Usage: The attacker uses this to create a pickled object containing malicious code or payloads.
Example:

pickle.dump()

Purpose: Similar to pickle.dumps(), but instead of returning the pickled byte stream, it writes the serialized object directly to a file.

Usage: This is useful when the attacker wants to save the pickled malicious object to disk and later send or upload it to a target system.

Example:
4 Functions used
3. pickle.load()

 Purpose: Deserializes a pickled byte stream back into a Python object. This is the function used by the victim’s application to unpickle the
data.

 Usage: This is typically exploited in a Pickle Bomb to execute the embedded malicious payload (e.g., reverse shell, privilege escalation)
when the application deserializes the object.

 Example:

4. Custom Payload (e.g., __reduce__ or os.system())

 Purpose: Allows the attacker to control what happens when the pickled object is unpickled. Commonly, the __reduce__ method in a class can
be used to define custom behavior (such as running a system command) when the object is deserialized.

 Usage: This allows the attacker to inject malicious code, often executing system commands (like opening a reverse shell) when the object is
deserialized by the target system.

 Example (using __reduce__ to execute a command):

 1. Avoid Using Python's Pickle Module for Untrusted Data

 Do not deserialize untrusted data: Pickle is inherently unsafe when used to

deserialize data from untrusted sources because it can execute arbitrary code
during deserialization. Avoid using it entirely to handle untrusted input,
especially in web applications.

 Use safer alternatives like JSON, YAML, or other serialization libraries that don't
execute arbitrary code during parsing.

2. Input Validation and Sanitization

How to  Strict input validation: Ensure that any data received from external sources
(including user input) is properly validated and sanitized. Reject or filter out

Prevent
unexpected or suspicious data types.

 Whitelist inputs: Accept only known and valid types and formats. This reduces
the chances of malicious payloads being submitted.

Pickle 3. Use Web Application Firewalls (WAF)

Bombs
 A WAF can help detect and block malicious traffic, including attempts to exploit
known vulnerabilities such as those that might be used in pickle bomb attacks.

 Configure the WAF to detect and block suspicious patterns, such as unusual
HTTP request payloads that may attempt to exploit deserialization
vulnerabilities.

4. Secure Coding Practices

 Code reviews: Conduct thorough code reviews to identify any instances where
untrusted data is being deserialized using pickle. Ensure that such code is
properly secured or removed.

 Avoid unsafe object deserialization: Always avoid deserializing objects from

untrusted sources and rely on secure alternatives.
 5. Patch Vulnerabilities Regularly

 Apply security patches: Regularly update your system, libraries, and dependencies
to patch any known vulnerabilities. Pickle bombs often exploit security gaps in
outdated or poorly configured software.

 Monitor for security advisories and apply relevant updates, especially for Python
packages and other libraries that may be vulnerable to this kind of attack.

How to 6. Network Segmentation and Access Control

Prevent  Segment networks: Isolate IoT devices from critical infrastructure and other
sensitive areas within your network. This limits the damage if a compromise occurs.

Pickle
 Implement access control: Ensure only authorized users and devices have access to
sensitive systems and data. Use principles of least privilege and employ robust
authentication mechanisms.

Bombs 7. Monitoring and Intrusion Detection

 Implement robust monitoring and logging systems to detect suspicious activity, such
as unexpected web shell execution or unusual traffic patterns.

 Set up an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) to

identify and block potential pickle bomb attacks in real-time.
 8. Secure IoT Device Configuration

 Ensure IoT devices are securely configured and do not have unnecessary
services running. Many IoT devices can be accessed via web interfaces,
which can be entry points for web shell attacks.

 Disable unused ports and services, change default passwords, and use

How to
secure communication protocols to safeguard devices from unauthorized
access.

9. Encryption and Secure Communication

Prevent  Encrypt sensitive data both at rest and in transit to prevent attackers
from intercepting or tampering with it. Ensure that web communication is

Pickle
encrypted with protocols like HTTPS.

 Secure IoT device communications with protocols like TLS/SSL to ensure

Bombs
that malicious scripts cannot easily be injected into device
communication.

10. User Awareness and Training

 Educate administrators and developers about the risks of pickle bomb

attacks and the importance of secure coding practices.

 Ensure they are aware of the potential dangers of unsafe deserialization

and can recognize suspicious activities or signs of compromise.

Combining these measures can significantly reduce the

likelihood of a pickle bomb attack and better protect
your IoT devices and networks.
Many thanks, Any Questions…