Fatemah Alharbi at work
April 3, 2019

This computer scientist beats hackers at their own game

Fatemah Alharbi discovered a serious security flaw, earning thanks from Apple

Author: Holly Ober
April 3, 2019

Fatemah Alharbi breaks things in order to learn how to fix them. Not just any old things. Computer operating systems, to be exact, and she conducted research that earned public gratitude from Apple.

If she doesn’t look like a hacker that’s because she isn’t, really. She’s a doctoral candidate in computer science at the University of California, Riverside with an interest in computer and network security that puts her squarely on the good side, trying to protect your passwords, information, and money.

Her interest in security set Alharbi — a first-generation student who grew up in Saudi Arabia — on an unexpected path to becoming a white hat hacker. 

“I hadn’t thought about doing any hacking stuff. I always thought about how I can defeat this attack, how I can overcome this vulnerability,” she said. 

Fatemah Alharbi was thanked by Apple for discovering a security flaw. Credit: Stan Lim/UCR

But in her doctoral studies at UC Riverside, Alharbi worked with computer science professors Nael Abu-Ghazaleh and Zhiyun Qian, who hack computer systems to improve their security.

Alharbi is first author of a paper that will be presented at the IEEE International Conference on Communications, or INFOCOM, in Paris at the end of April. In the paper, she described a new way for attackers to misuse the Domain Name System, or DNS, to direct a network’s web traffic to a website they control. 

DNS links domain names with their corresponding Internet protocol, or IP, addresses. For example, when you open a browser and type ucr.edu into the address bar, you are asking for an IP address — a set of numbers computers use to communicate with one another. The DNS directs requests for the words “ucr.edu” to the IP address of the UC Riverside web server, and the user sees the UC Riverside website.

Attackers can inject a malicious IP address for a web server under control of the attacker. Instead of directing the victim to the desired website, the corrupted DNS protocol sends them to a website that looks just like the real one but is controlled by the attackers. The attacker’s site is able to capture information the victim enters, like usernames, passwords, and other sensitive information. 

This particular hacking technique, called DNS cache poisoning, is already well known, but Alharbi did something unique. 

Most DNS cache poisoning attacks work at the level of the servers and computers that resolve requests, and security protocols have been developed to prevent the attacks. But Alharbi targeted the weakest link, between an individual using a personal computer and the “resolver” computer that handles the request. Even with security measures in place, the resolver always sends the IP address in plain text to the client, making it easy to see and spoof. 

“The new thing about our attack is that we are targeting the end devices, like laptops, directly,” Alharbi said. “The first one we tried was Microsoft Windows, then when that attack succeeded, I went on to macOS and Linux Ubuntu.”

The attacks succeeded in all of them — in just a few seconds for Windows and a few minutes for the other operating systems. The researchers notified all three companies and received public acknowledgement when Apple announced a patch for the vulnerability in macOS.

Alharbi grew up in the Saudi Arabian city of Jeddah, one of seven children born to a father who worked for the Saudi Arabian air force and a mother who did not work outside the home, like most women in her country at that time. Alharbi and her siblings are the first generation to go to college, and she is the first to get a Ph.D. 

At King Abdulaziz University, where she received her bachelor’s degree, Alharbi was inspired by a course taught by a female professor, and did her senior project on steganography, a cryptographic system that lets people embed secret data inside text files, images, audio files, or videos.

With a full scholarship from the Saudi Arabian government, she completed a master’s degree at California State University, Los Angeles, and applied to UC Riverside for her doctorate. In her first year at UC Riverside, she applied for faculty positions at Saudi universities and received many offers.

“They really appreciate the ranking of UC Riverside. It’s a high-ranking university, especially in the computer science field,” she said. 

She accepted a position at Taibah University, which offered to fully fund Alharbi’s doctoral studies if she agreed to return as a professor.

Alharbi’s research and acknowledgement from Apple have brought major San Francisco Bay-area tech companies knocking at her door. But with a husband who works as an engineer in Corona and a young daughter, moving would be difficult and besides, she remains committed to her promise.

“I’d really love to go back and share my experience and all of the things that I learned here,” she said.

Support from other women in STEM has been important to Alharbi, from her undergraduate professor to her graduate studies at UC Riverside. Last year, she received a scholarship to attend the Grace Hopper Celebration, the world's largest gathering of women technologists.

“The number of attendees was more than 20,000 women and it was one of the best experiences in my life,” she said. “I enjoyed every single moment there.”

Alharbi said there are few women in computing in Saudi Arabia. As a professor, she hopes to change that, and thinks she has momentum in her favor.

“There is this tremendous effort to empower women in computing in Saudi Arabia. I think they are trying to encourage women to have leadership roles,” she said.

Alharbi’s paper, “Collaborative Client-Side DNS Cache Poisoning Attack,” will be published in the proceedings of IEEE’s INFOCOM, from April 29–May 2 in Paris. The research was partially supported by the National Science Foundation.

Media Contacts