Software Backdoor Found in Curiosity Rover
by Peter ·
The Canadian security researcher Yannick Formaggio has discovered an important flaw in VxWorks which is the real-time operating system (RTOS) developed by the Wind River, an Intel’s subsidiary. VxWorks is one of the most reliable real-time OS for the Internet of Things. This family of operating system is considered extraordinarily reliable and secure, they run in aviation components, industrial equipment, and also the Curiosity Rover uses it.
At the recent 44CON conference, Formaggio presented a detailed analysis of an integer overflow bug that could be exploited by an attacker for remote code execution. Formaggio analyzed the VxWorks for a client interested in evaluating it, despite the good performance of the real-time OS de discovered a serious security issue that could be triggered when a credential was set to a negative value.
Formaggio could bypass all memory protections and set up a backdoor account using this simple trick. Formaggio will provide further details on its fuzzing system in the next weeks, he also anticipated that he will not disclose the exploit code “unless explicit authorisation given”.
Formaggio also made another worrying discovery related to the VxWorks operating system, the FTP server is affected by ring buffer overflow under specific conditions:
“FTP server is susceptible to ring buffer overflow when accessed at a high speed” and crashes when sent a “specially crafted username and password”.
The security issues affect the VxWorks Versions 5.5 through 126.96.36.199, so we are speaking about millions of devices need patching. Wind River confirmed the presence of the flaw in its VxWorks system and plans to distribute a security update as soon as possible.
If you are a Wind River customer check for the availability of security patch.