A security expert discovered a critical flaw in the VxWorks, one of the most reliable real-time operating systems for the IoT also used by the Curiosity Rover.
The Canadian security researcher Yannick Formaggio has discovered an important flaw in VxWorks which is the real-time operating system (RTOS) developed by the Wind River, an Intel’s subsidiary. VxWorks is one of the most reliable real-time OS for the Internet of Things.
This family of OS is considered extraordinarily reliable and secure, they run in aviation components, industrial equipment, and also the Curiosity Rover uses it.
At the recent 44CON conference, Formaggio presented a detailed analysis of an integer overflow bug that could be exploited by an attacker for remote code execution. Formaggio analyzed the VxWorks for a client interested in evaluating it, despite the good performance of the real-time OS de discovered a serious security issue that could be triggered when a credential was set to a negative value.
Formaggio could bypass all memory protections and set up a backdoor account using this simple trick. Formaggio will provide further details on its fuzzing system in the next weeks, he also anticipated that he will not disclose the exploit code “unless explicit authorisation given”.
Formaggio also made another worrying discovery related to the VxWorks operating system, the FTP server is affected by ring buffer overflow under specific conditions:
“FTP server is susceptible to ring buffer overflow when accessed at a high speed” and crashes when sent a “specially crafted username and password”.
The security issues affect the VxWorks Versions 5.5 through 126.96.36.199, we are speaking about millions of devices need patching.
Wind River confirmed the presence of the flaw in its VxWorks system and plans to distribute a security update as soon as possible.
If you are a Wind River customer check for the availability of security patch.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.