Exploiting Memory Corruption Vulnerabilities on the FreeRTOS Operating System, presented at ShmooCon 2016

by Joel Sandin

Summary: The platforms powering the growth of the Internet-of-Things include tried-and-true embedded Real-Time Operating Systems (RTOSes). These lean OSes are designed for performance and reliability, but they force application developers to use C and often lack the exploit mitigations implemented in consumer OSes. This unforgiving environment places the burden of security entirely on the programmer and makes the risk of memory corruption vulnerabilities on these increasingly ubiquitous systems very real.
This talk will focus on FreeRTOS as an example of an RTOS that has seen widespread adoption by vendors and developers for the IoT. We will present security-relevant internals of the OS, put common memory corruption vulnerabilities in context, explain the steps an attacker can take to achieve reliable exploitation, and make recommendations that can help developers build more secure systems. This research is based on experience code reviewing, fuzzing, and developing attacks against both vendor SDKs and open-source libraries.
Attendees will understand the risks facing users of this new class of devices. Pentesters will learn how to review applications built for this operating system and determine the impact of bugs they identify. Defensive security practitioners will get an inside look at attacks against software written for this platform.
Joel works as an independent security researcher and has recently focused on security in embedded systems. He was previously a Senior Security Consultant for Matasano Security (part of NCC Group). Before joining Matasano’s consulting team, he worked in the Network Safety and Network Security groups at Akamai Technologies, where he helped build and maintain distributed systems for security monitoring and defense.
Credit and thanks to Siavash of NCC Group for suggesting Real-time Operating Systems as a research area. Siavash’s research interests include the security of embedded systems and software-defined networks, machine learning, malware analysis and wireless sensor networks.