Reversing FreeRTOS on embedded devices
RECON-BRX-2017-FreeRTOS_Embedded_Reversing
RECON-BRX-2017-FreeRTOS_Embedded_Reversing
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
̶<br />
̶<br />
̶<br />
̶<br />
Security issues<br />
• These are not real bugs in <str<strong>on</strong>g>FreeRTOS</str<strong>on</strong>g>, this is just<br />
observati<strong>on</strong> from the point of adversary who wants to do<br />
some exploitati<strong>on</strong>!<br />
TCP/IP stack is not very resilient<br />
Stack overflow protecti<strong>on</strong> is rudimentary<br />
MPU usage is not very comm<strong>on</strong> (supported <strong>on</strong>ly <strong>on</strong> ARM M3<br />
platforms anyway)<br />
§ Unprivileged task can spawn privileged task, if MPU is used; or<br />
§ Everything runs in the same c<strong>on</strong>text otherwise<br />
It is developed in C inheriting all possible security problems as<br />
any other C programs (buffer overflows, heap corrupti<strong>on</strong>s…)<br />
20 RECON 2017 Brussels