Vulnerability found in VxWorks, the Intel owned operating system used in Curiosity Mars rover and Boeing 787 Dreamliners

Researchers at Canadian security research firm, Istuary Innovation Labs have found critical vulnerability in VxWorks, a operating system developed by Intel and used in many hi-tech applications and critical infrastructure system.

VxWorks software is used to control parts of NASA’s Curiosity Mars Rover, while a customised version is used in Boeing 787 Dreamliners and military helicopters. According to security researcher Yannick Formaggio from Istuary, certain versions, used by tens of thousands of machines, have a vulnerability that can be exploited by anyone, from anywhere with an internet connection.

Speaking at the 44Con conference in London, Formaggio said he found the security flaw in VxWorks when he looked into the software following a request from a client working in the critical infrastructure industry. Formaggio said he and his team had created their own “fuzzing” tool to check for the errors in VxWorks.

Their fuzzing tool disclosed a critical vulnerability known as an integer overflow vulnerability, which allowed the researchers to target a specific part of the operating system and write to memory on the machine running VxWorks. Once they have created the backdoor, they could control the functioning of the operating system, Formaggio claimed.

“It’s a very basic vulnerability,” he added. An attacker would have to find targets with a certain port (port 111) open, but if they did the exploit code could run without any interaction from the user.

The attack could be run silently without the owner or the sysadmin having a clue of the hack according to Formaggio. He said that VxWorks version 5.5 through to 6.9.4.1 was affected by this vulnerability.

Formaggio reported the vulnerability to Wind River on 22 July who quickly acknowledged it. Formaggio believes the firm has issued a patch, though he claims it wouldn’t release a public advisory as it didn’t deem the problems serious enough.

VxWorks runs on around 1.5 billion devices making it “the world’s most widely-used real-time operating system”. The severity of the vulnerability can be considered from the fact that Curiosity Mars rover uses it while customised versions are used on Boeing 787 Dreamliners and military helicopters. If hackers exploit this vulnerability they could have control over several critical infrastructure plants and machines causing millions of dollars in losses.