44CON LONDON 2015 has ended
Thursday, September 10 • 09:30 - 10:29
Attacking VxWorks: from Stone Age to Interstellar

VxWorks is the world’s most widely used real-time operating system deployed in embedded systems. Its market reach spans all safety-critical fields, including the Mars Curiosity rover, the Boeing 787 Dreamliner and network routers, to name a few. The safety-critical nature of these applications makes VxWorks security a major concern.

Our team has conducted a thorough security analysis of VxWorks, including its supported network protocols and OS security mechanisms. We will present the tool we developed for VxWorks assessment. The main goal of our tool is to provide effective penetration testing by implementing the WdbRPC protocol in Python. To show its effectiveness, we are going to reveal some of the bugs we discovered along the way.

Finally, we will wrap up by demonstrating the vulnerability we found that allows remote code execution on most VxWorks based devices. A quick Internet scan shows that at least 100k devices running VxWorks are connected to the Internet. Considering the popularity of VxWorks in the age of IoT, this issue will have a widespread impact.

Yannick Formaggio

Yannick is a passionate French IT security researcher at Istuary Innovation Group. He graduated from Bordeaux 1 University (France) with a Master of Science in Cryptography and IT Security in 2010. He worked 4 years as a subcontracting IT Security consultant for Airbus and Thales...

Thursday September 10, 2015 09:30 - 10:29 BST
Track 2