Understanding and Preventing Memory Leaks with Examples

5  min read | 28/03/2024

Lian Granot
Lian Granot
Hadas Spektor
Hadas Spektor

What Are Memory Leaks?

A memory leak occurs when a computer program incorrectly manages memory allocations. In an ideal scenario, whenever we create a program, it should free up memory that it no longer needs. However, when this doesn’t happen for some reason, it leads to a memory leak.

The problem with memory leaks is that they are often silent and subtle. They do not cause an immediate system crash or error message. Instead, they slowly eat away at a system’s available memory, causing the system to slow down over time. If left unchecked, memory leaks can eventually lead to a system crash, often at the most inconvenient times.

To address memory leaks, you need a good understanding of how memory management works in a given programming language and a keen eye for spotting potential problems. We’ll explain basic memory management concepts and provide practical examples of memory leaks in C code.


What is a Memory Leak Attack and How Does it Work?

A memory leak attack is a malicious act where an attacker exploits a memory leak in a computer program to cause harm. Initially, a memory leak is a bug, but when detected and exploited by an attacker, it can become a severe security vulnerability. Memory leak attacks can lead to system downtime and threaten data integrity.

Memory leak attacks work by continuously triggering the memory leak. For instance, an attacker could repeatedly request a particular function that causes a memory leak, leading to a gradual decrease in the system’s available memory. Over time, this can cause the system to become sluggish and eventually crash.

By understanding how memory is allocated and deallocated, and learning to spot potential memory leaks in your code, you can significantly reduce the risk of memory leak attacks.


Why are IoT Devices Based on C Code Vulnerable to Memory Leak Attacks?

Manual Memory Management

One of the main reasons why IoT devices written in C code are vulnerable to memory leak attacks is due to the manual memory management in C. Unlike in higher-level languages like Python or Java, in C, the programmer is responsible for both allocating and deallocating memory. This means that the programmer must explicitly command the program to release memory that is no longer in use.

While this level of control can be beneficial in terms of performance and efficiency, it also requires a lot of attention to detail. A single oversight can lead to a memory leak. This can cause the system to run out of memory, resulting in a crash or other serious issues.

Lack of Garbage Collection

Another contributing factor to the vulnerability of IoT devices written in C code to memory leak attacks is the lack of garbage collection. Garbage collection is a feature of many modern programming languages that automatically frees up memory that is no longer in use by the program.

In C, however, there is no built-in garbage collection. Instead, the programmer is responsible for manually freeing up memory. This can be a tedious and error-prone process, particularly in large and complex applications. If the programmer forgets to free up memory, or if they free up memory that is still in use, it can lead to memory leaks or other serious issues.

Multithreading and Concurrency Issues

Multithreading and concurrency issues can also contribute to memory leaks in IoT devices written in C code. Multithreading allows for multiple operations to be carried out concurrently, which can greatly improve the performance of an application. However, it also adds a layer of complexity to memory management.

In a multithreaded application, multiple threads may be accessing and modifying the same memory locations. If these operations are not properly synchronized, it can lead to memory leaks.

Dangling Pointers

Dangling pointers are another common source of memory leaks in C code. A dangling pointer is a pointer that points to memory that has been deallocated or that has gone out of scope. If a program continues to use a dangling pointer, it can lead to unpredictable behavior, including memory leaks.

In C, it is the programmer’s responsibility to ensure that pointers are properly managed. This includes making sure that pointers are set to null after the memory they point to has been deallocated and that pointers are not used after they have gone out of scope. Failure to do so can result in dangling pointers and the memory leaks they can cause.

Lack of Modern Programming Safeguards

Many modern programming languages include features designed to prevent memory leaks, such as garbage collection, automatic reference counting, and safe pointers.

C, however, does not include these features. This means that programmers must be extremely careful to avoid memory leaks, particularly in complex applications. This can be a daunting task, particularly for less experienced programmers.


Detecting and Preventing Memory Leak Attacks in IoT

There are three measures you can take to reduce the risk of memory leak attacks in IoT devices:

  • Testing devices for memory leaks: This involves running your IoT software in a controlled environment and monitoring its memory usage. Any unexpected increase in memory usage could indicate a memory leak. There are various tools available that can help you detect memory leaks, such as Valgrind and LeakSanitizer.
  • Monitoring IoT devices: This allows you to spot any unusual behavior, such as a sudden decrease in performance or an unexpected system crash. Such behavior could indicate a memory leak or an attack related to memory leaks. This can be challenging because most monitoring tools cannot be deployed on IoT devices, due to their limited connectivity, limited computational power, and non-standard operating systems.
  • Regularly updating IoT devices: This is important because software updates often include patches that fix known memory leaks. By keeping your devices up-to-date, you can protect them from known vulnerabilities. However, this can be challenging because many IoT devices cannot be updated remotely, if at all.


Memory Leaks Prevention for IoT Devices with Sternum

The vast majority of IoT/embedded devices use C code, and are prone to memory leaks and other operational and security vulnerabilities.

Sternum’s patented EIV™ technology protects from these with runtime (RASP-like) protection that deterministically prevents all memory and code manipulation attempts, offering deterministic protection from a broad range of memory corruption weaknesses.

Embedding itself directly in the firmware code, EIV™ is agentless and connection agnostic. Operating at the bytecode level, it is also universally compatible with any relevant device and operating system (RTOS and Linux, including OpenWrt, Zephyr, Micirum, FreeRTOS, etc.) and has low overhead of only 1-3%, even on legacy devices. 

Moreover, EIV’s runtime protection features are augmented by (XDR-like) threat detection capabilities of Sternum’s Cloud platform and extended observability features.

The benefits of using Sternum for IoT security include:


  • Agentless security—integrates directly into firmware, making it a part of the core build. This ensures that the solution cannot be externally compromised and leveraged as a point of failure.
  • Automatic mitigation of known and zero-day threats—prevents 96.5% attacks in benchmark (RIPE) security tests. Its vulnerability-agnostic approach makes it equally effective in dealing with known and zero-day threats. This not only improves security but can also cut security patch management costs by as much as 60%.
  • Supply chain protection—relies on binary instrumentation, making it able to protect all running code. This extends to 3rd party and operating system libraries, effectively preventing all supply chain exploit attempts. 
  • Protection of isolated devices—does not rely on external communication to secure devices, making it equally effective for connected and isolated devices.
  • Live attack information with zero false positives—real-time alert system notifies about all blocked attacks, providing—for each—detailed logs and attack path analysis. The deterministic nature of EIV’s integrity checks ensures that all alerts are always valid. 
  • Advanced threat intelligence—leveraging AI anomaly detection and granular device-level understanding of user interactions, user activity, and device behavior. Can automatically spot indicators of exposure and compromise, malicious behavior, security blindspots, stealthy and sophisticated threats
  • Streamlined compliance—helps meet the latest cyber regulations for IoT devices (IEC 62443, FDA, NIST, etc) and the most current FBI recommendations for Internet of Medical Things (IoMT) endpoint protection.


Learn more about Sternum for IoT security and how we help protect against memory leaks? Schedule a demo: https://www.sternumiot.com/request-demo


Related content:


Enter data to download case study

By submitting this form, you agree to our Privacy Policy.