We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
Kill Latest MPU-based Protections in Just One Shot: Targeting All Commodity RTOSes
Discover how to exploit MPU-based protections in just one shot, targeting all commodity RTOSes including FreeRTOS, Red-X, Zebra, Tizen, RT-STRAT, and BadOS, and explore the security issues and mitigations to help you secure your embedded applications.
- MPU-based RTOSes are vulnerable to exploitation, with 6 commercial RTOSes investigated, including FreeRTOS, Red-X, Zebra, Tizen, RT-STRAT, and BadOS.
- MPU (Memory Protection Unit) is a hardware feature that manages memory access of different memory regions according to execution state, privilege, or non-privilege.
- The presentation focuses on FreeRTOS and discusses the security issues found in FreeRTOS, including missing general message tracks during mode switch, and mistaken MPUA configuration.
- The security issues are due to the lack of checks on tromblad function parameters, allowing unprivileged tasks to access kernel memory.
- The presentation also discusses mitigations, including limiting tromblad function usage, adding checks for access permission and buffer regions, and adjusting the location of the context and privilege stack for tromblad functions.
- The security issues are related to the use of tromblad functions, which are used to request kernel services, and the lack of checks on their parameters.
- The presentation also mentions the use of CodeQL to find vulnerable functions and the importance of MPU region overlapping.
- The security issues found in FreeRTOS include arbitrary write and read, privilege escalation, and information leaks.
- The presentation concludes with a discussion of the importance of MPU and its role in managing memory access in RTOSes.
- The security issues found in Red-X include arbitrary write, read, and privilege escalation.
- The presentation also discusses the use of MPU in STRATX, which is an advanced RTOS designed for embedded applications.
- STRATX has a more strict management of memory access, with separate regions for kernel code, data, and modules.
- The presentation concludes with a discussion of the importance of MPU and its role in managing memory access in RTOSes, including the use of CodeQL to find vulnerable functions.