This talk focuses on the VxWorks operating system, how it works, what devices use it, and how to compromise it. The content will include background information on VxWorks itself, a checklist of common vulnerabilities, mappings from these vulnerabilities to shipped products, and a live demo of gaining access to a widely deployed commercial product.
<p>Why this is notable:<br/> VxWorks was the predominate embedded operating system for most of the 2000's, and although its market share has been chipped away by Linux and Windows CE, millions of devices still use it today. Given the size of the installation, one would think there would be a copious amount of security research; however, that is not the case. There are 13 CVE entries that reference VxWorks, with only 2 of these mapping to flaws in the operating system itself. I believe this is the first time that any real effort has been spent on categorizing common vulnerabilities and exploiting them take full control of the OS.</p> <p><b>NOTE: Portions of this presentation will not be streamed or recorded.</b></p>