Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Curiosity Rover's OS has backdoor bug

Fixes on the way for Wind River's VxWorks, which also runs lots of stuff on Earth

Canadian security researcher Yannick Formaggio has detailed a significant flaw in VxWorks, the real-time operating system (RTOS) made by Intel subsidiary Wind River.

Speaking at the 44CON event made famous last week, Formaggio detailed how an integer overflow mess allows remote code execution in the operating system. Formaggio discovered the flaw after fuzzing the OS at the request of a client keen to understand its workings better. That effort led the researcher to declare that Wind River generally generally does a fine job of security and takes it seriously, but hadn't considered what might happen when a credential was set to a negative value.

Once Formaggio tried that trick, he found he could defeat or bypass all memory protections and set up a backdoor account. Which of course is just what you don't want to be possible in the kind of devices that require an RTOS, as most are expected to be extraordinarily reliable and secure so they can get on with jobs like running industrial equipment, planes and the Curiosity Rover that Wind River proudly claims as a customer.

Formaggio also found that the operating system's “FTP server is susceptible to ring buffer overflow when accessed at a high speed” and crashes when sent a “specially crafted username and password”.

Versions 5.5 through 6.9.4.1 have the problem, which means many millions of devices need patching. Wind River has acknowledged the flaw and is in the process of providing patches. Formaggio urges users of the operating system to check the Wind River knowledge library to get their fresh code fix.

The researcher's also said he'll detail his fuzzing apparatus here in coming weeks, but won't reveal exploit code “unless explicit authorisation given”. ®

Update: Wind River's been in touch to let us know there's a security advisory and patch available and to point out that Curiosity Rover doesn't run the version of VxWorks that the exploit impacts. Th company's also keen to point out that the exploit only works "when, and only when, the optional Remote Procedure Call feature is configured to be included in a device." Which may not be all the time.

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like