Critical Zero Days Remotely Compromise the Most Popular Real-Time OS

Explore a critical security presentation from Black Hat that unveils dangerous zero-day vulnerabilities in VxWorks, the most popular real-time operating system. Delve into the exploitation of these vulnerabilities on various devices, including printers and hospital patient monitors. Learn how these exploits can breach networks protected by NAT and firewalls through normal TCP connections. Understand the importance of TCP/IP stacks, their evolution since the 1990s, and the specific vulnerabilities in VxWorks. Witness live demonstrations of exploits, including a potentially life-threatening attack on a hospital bedside patient monitor. Gain insights into heap exploitation strategies and the lack of security features in affected systems. This 44-minute talk by Ben Seri and Dor Zusman provides a comprehensive look at the critical security implications for devices running VxWorks and the urgent need for improved security measures in real-time operating systems.

Introduction
Presentation Overview
Agenda
What is VXWorks
Where VXWorks is used
Why are TCPIP stacks important
TCPIP stacks in the 90s
Wing Nuke
IP Net
Impact evangelism
SonicWALL
Overview
How it works
Basic TCP
TCP Window
Urgent Data
Urgent Pointer
Data Mechanism
VxWorks
Example 5 Way Handshake
Patient Monitor
Three Easy Steps
Dump the Framework
No Security Features
Heap exploitation strategy
Live demo
Patient monitor demo