New vulnerabilities fixed in the real-time operating system used by the Curiosity Rover

A security researcher recently discovered two vulnerabilities in VxWorks, the real-time operating system that runs NASA's Curiosity Rover. The researcher was not specifically targeting NASA or the Curiosity Rover; after all, only one device on the red planet runs the system. Worse, next door, more than 1.5 billion devices run this "very secure real-time operating system."

VxWorks is a high-security IoT operating system introduced by Wind River Systems in 1987. It is found in countless devices, from Boeing 787 aircraft and industrial robots to network routers and medical devices.

Canadian security expert Yannick Formaggio was invited by a client to conduct a security study of the operating system before the client deployed its own industrial equipment. After the review, Mr. Formaggio affirmed the security of the system, apart from the two vulnerabilities found.

The first is a backdoor. By providing a negative value in the login field, an attacker can create one without being detected. As validation, Formaggio successfully bypassed memory protection and created a root-level account without proper authorization.

The second vulnerability is a ring buffer overflow in the built-in FTP server of the VxWorks operating system. The server crashes when it receives malicious usernames and passwords at a very high rate, but this is equivalent to launching a DDoS attack on the device's network.

The affected VxWorks system version is 5.5 to At the end of July, Wind River Systems announced the vulnerability and provided fixes.

Mr. Formaggio announced the results of the study at the 44CON Security Conference in London.

