In order to attempt to exploit a system’s vulnerabilities it is important to understand the levels to which a computer or electronic system is built upon. There are many ways to depict the layers that make up electronic devices but the point that I will try to get across remains the same – that there are different layers to the overall design that certain parties are responsible for handling.
Electronic devices are layered into respective domains to reduce the level of complexity for individuals who work within other areas of the stack. It’d be inconceivable to expect one person to know a computer and its operations inside and out; however, that would be quite the accomplishment for an individual whom achieved this ability. At its simplest form and to put things into perspective, hardware engineers are responsible for the circuitry of system boards; handling electricity, transistors, logic gates, etc. They then hand off the physical hardware and an ability to interface with it to software engineers. So, there are two main domains: hardware and software. Within each you can abstract even more but for simplicity in this blog, we’re only going to focus on the software domain.
The software domain is composed of application developers, various programming languages and developers therein, libraries offered by an operation system’s (OSs) API, etc. As we can see, there are many areas of software development and within each lies potential mishaps and human error. This is where quality assurance comes in handy but it’s unrealistic to expect it to catch all unintended behaviors, which only broadens the exploit / attack surface potential. The good guys would research these surfaces and report them to the developer via bugs, whereas the bad guys would use the surface as a potential way to take advantage. To provide some sort of visual aid to better understand just how layered these domains can get, the following is an awesome example: