A security researcher has uncovered two vulnerabilities in the VxWorks operating system, used among other things, with NASA’s Curiosity rover.
The researcher’s paper does not target NASA and Curiosity specifically, but the operating system on which the rover runs, VXWorks, used on Mars in one device, and on Earth in over 1.5 billion.
VxWorks, a very secure real-time OS for the Internet of Things
The operating system, created in 1987 by US company Wind, an Intel subsidiary, has been deployed in countless of devices ranging from Boeing 787 planes to industrial robots, from network routers to medical equipment.
Yannick Formaggio, a Canadian security expert, was asked by one of his clients to conduct research into the operating system’s security features before making a decision to deploy it for their own industrial equipment.
After conducting his inspection, Mr. Formaggio found the “real-time” OS to be very secure, with the exception of two critical issues.
Issues found: a backdoor and a ring buffer overflow
The first is a backdoor, which could be created without detection, if he supplied negative values in the login fields.
This allowed Formaggio to bypass memory protections and create a root level account on the operating system without having proper credentials to do so.
The second was a ring buffer overflow in VxWorks operating system built-in FTP server, which crashed when it received maliciously crafted username & password details at very high speeds. This bug only led to a Denial of Service (DoS) for the device’s network capabilities.
Affected VxWorks versions are 5.5 to 18.104.22.168. Wind was informed of the exploits at the end of July and has provided patches.
VxWorks is one of the most used operating system for connecting IoT-enabled devices, and the code was remotely exploitable and invisible to rightful administrators. It is recommended that all VxWorks devices be updated as soon as possible.
Mr. Formaggio presented his research at the 44CON security conference in London.