Researchers find backdoor bug in NASA rovers’ real-time OS

A critical, remotely exploitable vulnerability in VxWorks, the world’s most popular real-time operating system (RTOS), can be exploited by attackers to gain backdoor access to the systems using it.

VxWorks is developed by Wind River, a subsidiary of Intel Corporation, and is designed for use in embedded systems in the aerospace, aircraft and automotive industries, as well as in industrial robots, controllers, and consumer electronic devices.

Among the machines that use the RTOS are NASA’s various rovers, landers and space probes, a diverse number of civilian and military aircrafts, and many other critical computer systems. All in all, it’s estimated that 1.5 billion devices around the world run VxWorks.

The flaw was discovered by security researcher Yannick Formaggio with the help of a few colleagues and a custom-made fuzzing tool, and Formaggio shared the results of their research with the audience at 44Con held last week in London.

Despite the fact that Windriver takes VxWorks security seriously, as evidenced by the various security improvements implemented over the years, throwing invalid and unexpected data at the RTOS resulted in system crashes that revealed the existence of several flaws that can be concatenated to compromise the system:

The vulnerabilities affects VxWorks versions 5.5 through 6.9.4.1, but Wind River has issued patches. Every customer should check the company’s Knowledge Library for details, and implement the fix as soon as possible.

Formaggio said the attack would like likely work on a Schneider Modicon Quantum PLC, as it runs VxWorks 5 and has post 111 open, but said that they will not be releasing exploit code unless they receive an explicit authorization to do so. They will release the tool they used in the testing in the following weeks.