serious vulnerabilities FreeRTOS
As surely as day follows night, there's news of another example of scary/buggy/crappy IoT firmware. A large number of security vulnerabilities have been found in FreeRTOS and other variants which presumably share the same code base. These include information leaks, DoS and remote code execution. Nice. One of those variants is SafeRTOS -- oh the irony! -- that's "certified for use in safety critical systems". Whoops!

https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-ran...

According to the above link, "FreeRTOS and SafeRTOS have been used in a wide variety of industries: IoT, Aerospace, Medical, Automotive, and more."

The vulnerabilities are apparently in the TCP/IP stack. How is this possible? Rock-solid public domain TCP/IP code has been around since BSD4.4 20+ years ago. Or even earlier. Why would someone shun that, write their own code and do it badly? I just don't understand the thinking(?) behind that.

Does anyone have more info on the actual devices/applications which could be vulnerable?
On Mon, Oct 22, 2018 at 9:40 PM Jim Reid <jim@rfc1035.com> wrote:
> The vulnerabilities are apparently in the TCP/IP stack. How is this possible? Rock-solid public domain TCP/IP code has been around since BSD4.4 20+ years ago. Or even earlier. Why would someone shun that, write their own code and do it badly?
Sometimes the publicly available TCP handling code might seem too slow and bloated for embedded software. Embedded developers are used to getting rid of the security checks they believe are unnecessary, because it reduces both computational time and memory footprint.

I actually have a device almost at my disposal which implements its own TCP driver in the most effective and braindead way. I'm going to check against my NDA if I can share the details, but, spoiler, you'll be shocked by what it does with plain old poor TCP.

--
Töma Gavrichenkov
gpg: 2deb 97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191
mailto: ximaera@gmail.com
fb: ximaera
telegram: xima_era
skype: xima_era
tel. no: +7 916 515 49 58
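An added example, not code from FreeRTOS, SafeRTOS or anyone in this thread, of the kind of check Töma describes being dropped to save cycles and bytes: a TCP header parser that takes the data-offset nibble at face value, beside one that validates it against the bytes actually received, plus an options walker that rejects malformed TLVs (a zero option length, or one that runs past the header). The packets are constructed by hand, and the function names and return codes are the example's own.

```c
/* Added example, not code from FreeRTOS, SafeRTOS or this thread.
 * A TCP header parser that trusts the wire beside a bounds-checked one.
 * All packets below are constructed by hand, not captured traffic. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCP_MIN_HDR 20u

struct tcp_view {
    uint16_t src_port, dst_port;
    size_t hdr_len;       /* header bytes, from the 4-bit data offset */
    const uint8_t *opts;  /* points into the packet after the fixed header */
    size_t opts_len;
    size_t payload_len;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* The "fast" version: takes the data offset at face value. If doff < 5,
 * opts_len wraps; if doff*4 > len, payload_len wraps to a huge size_t, and
 * whatever copies payload_len bytes next reads far past the buffer. */
int tcp_parse_unchecked(const uint8_t *pkt, size_t len, struct tcp_view *v)
{
    v->src_port = be16(pkt);
    v->dst_port = be16(pkt + 2);
    v->hdr_len = (size_t)(pkt[12] >> 4) * 4;
    v->opts = pkt + TCP_MIN_HDR;
    v->opts_len = v->hdr_len - TCP_MIN_HDR;  /* unsigned wrap if hdr_len < 20 */
    v->payload_len = len - v->hdr_len;       /* unsigned wrap if hdr_len > len */
    return 0;
}

/* The checked version: every length derived from the header is compared
 * with the number of bytes actually received before anything uses it.
 * Returns 0, -1 (truncated fixed header) or -2 (bad data offset). */
int tcp_parse_checked(const uint8_t *pkt, size_t len, struct tcp_view *v)
{
    if (len < TCP_MIN_HDR) return -1;
    size_t hdr_len = (size_t)(pkt[12] >> 4) * 4;
    if (hdr_len < TCP_MIN_HDR || hdr_len > len) return -2;
    v->src_port = be16(pkt);
    v->dst_port = be16(pkt + 2);
    v->hdr_len = hdr_len;
    v->opts = pkt + TCP_MIN_HDR;
    v->opts_len = hdr_len - TCP_MIN_HDR;
    v->payload_len = len - hdr_len;
    return 0;
}

/* Options walker. Kind 0 ends the list, kind 1 (NOP) is one byte, every
 * other option is kind,len,data with len counting the kind and len bytes,
 * so len < 2 is invalid. A loop that just does i += opts[i+1] spins forever
 * on len 0 and reads past the buffer on an overlong len; this one returns -1.
 * Otherwise it returns the number of options seen. */
int tcp_walk_options(const uint8_t *opts, size_t opts_len)
{
    int count = 0;
    size_t i = 0;
    while (i < opts_len) {
        uint8_t kind = opts[i];
        if (kind == 0) break;
        if (kind == 1) { i++; count++; continue; }
        if (i + 1 >= opts_len) return -1;               /* no length byte */
        uint8_t olen = opts[i + 1];
        if (olen < 2 || i + olen > opts_len) return -1; /* zero or overlong */
        i += olen;
        count++;
    }
    return count;
}

/* Constructed packets. The high nibble of byte 12 is the data offset (doff). */
static const uint8_t good_pkt[24] = {
    0x1F, 0x90, 0x00, 0x50,             /* ports 8080 -> 80 */
    0, 0, 0, 0,  0, 0, 0, 0,            /* seq, ack */
    0x60, 0x02, 0xFF, 0xFF,             /* doff 6 (24 bytes), SYN, window */
    0, 0, 0, 0,                         /* checksum, urgent pointer */
    0x02, 0x04, 0x05, 0xB4 };           /* MSS option, len 4, value 1460 */
static const uint8_t short_pkt[20] = {  /* doff 15 claims a 60-byte header */
    0x1F, 0x90, 0x00, 0x50, 0, 0, 0, 0, 0, 0, 0, 0, 0xF0, 0x02, 0xFF, 0xFF, 0, 0, 0, 0 };
static const uint8_t tiny_doff_pkt[20] = { /* doff 2 claims an 8-byte header */
    0x1F, 0x90, 0x00, 0x50, 0, 0, 0, 0, 0, 0, 0, 0, 0x20, 0x02, 0xFF, 0xFF, 0, 0, 0, 0 };
static const uint8_t zero_len_opts[4] = { 0x02, 0x00, 0x00, 0x00 };  /* MSS with len 0 */
static const uint8_t overlong_opts[4] = { 0x02, 0x08, 0x00, 0x00 };  /* len 8 in 4 bytes */
static const uint8_t nop_opts[4]      = { 0x01, 0x01, 0x00, 0x00 };  /* NOP, NOP, end */

static struct tcp_view scratch;  /* shared result buffer for the demo */

int main(void)
{
    tcp_parse_unchecked(short_pkt, sizeof short_pkt, &scratch);
    printf("unchecked, doff 15 on 20 bytes: payload_len = %zu\n", scratch.payload_len);
    printf("checked,   doff 15 on 20 bytes: rc = %d\n",
           tcp_parse_checked(short_pkt, sizeof short_pkt, &scratch));
    int rc = tcp_parse_checked(good_pkt, sizeof good_pkt, &scratch);
    printf("checked,   good packet:         rc = %d, %d option(s)\n",
           rc, tcp_walk_options(scratch.opts, scratch.opts_len));
    printf("options with len 0: %d\n", tcp_walk_options(zero_len_opts, sizeof zero_len_opts));
    return 0;
}
```

The three comparisons in tcp_parse_checked and the two in tcp_walk_options are the whole cost of the "bloat": a handful of integer compares per segment, against a stack that otherwise hands an attacker-chosen length to the next memcpy.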
On 10/23/18 3:04 AM, Töma Gavrichenkov wrote:
> Sometimes the publicly available TCP handling code might seem too slow and bloated for embedded software. Embedded developers are used to getting rid of the security checks they believe are unnecessary, because it reduces both computational time and memory footprint.
Battery life is an oft-cited concern as well. And to be fair, those concerns, by themselves, are not invalid.

So one question is, do they need 'full stack' TCP/IP? Could there be a lighter protocol they could be using? Is there any way to get them there? Okay, that's three questions.

Jelte