Defects in embedded OS Vxworks leaves an estimated 200m devices vulnerable, many of them mission-critical, "forever day" systems

Originally published at: https://boingboing.net/2019/07/30/urgent-11.html

How do you undermine a hardened network stack based on BSD Unix? Neglect it for as long as possible while the attackers advance.

Since WRS passed through several different owners, notably from self to Intel (2004) to a private equity looter (cough!) asset funds manager (2018), a comprehensive fix to VxWorks’ network defects is unlikely, i.e., they only care about revenues. Reputation? Not so much.

2 Likes

Wind River says that many of the affected versions of Vxworks have been end-of-lifed, and that its current OS version is not affected.

Ha. As a firmware engineer, “end-of-lifed” only applies to small customers. If WR had a fortune 500 breathing down their neck, the company will come up with a patch because money. Hell, I’ve had to hack a fix for a system I used to work on 10 years ago which was EOL’ed 3 years ago just for one big customer that was complaining.

I don’t use Vxworks any more, but WR does make some decent simulators for Intel products. It’s a shame that they keep ping-ponging around to different owners.

5 Likes

I translate that as “we aren’t going to fix it, we aren’t going to try to notify end users running it, we aren’t going to accept responsibility, we wash our hands of the whole mess, piss off.”

As an aside, this kind of foolishness is why I am generally uninterested in having any Internet of Shit Things objects installed in my home.

AFAIK, VxWorks has no meaningful relationship to BSD.

1 Like

Any news on what percentage of these devices are on other planets?

2 Likes

You must be remembering the file system overflow that required the programmer to “hit any key to stop auto boot” from Earth on Spirit and Opportunity.

2 Likes

AFAIK, VxWorks has no meaningful relationship to BSD.

Not for years, however when a company acquires another one, there’s always looting of assets…er, cross-pollination. One year of BSD was sufficient time for WRS to strip mine it before spinning it off. Ancient history.

Re: Io(shi)T
2 years ago, some Berliners went wardriving for Bluetooth sex toys, promptly dubbed it “screwdriving”. It was a prank to illustrate pacemaker and insulin pump vulnerabilities.

1 Like

Oh right, I had forgotten WRS had bought BSDI. In fact I had forgotten about BSDI altogether, which is funny since I was an early customer. I still have my doubts as to whether VxWorks ever incorporated much BSDI technology, it’s very much a square peg/round hole problem. But yes, all the ingredients were present in the WRS blender at one point.

ETA: Penny finally dropped you were just talking about the BSDI stack. Yeah, I can see that.

1 Like

The network stack was not imported from BSDI or other BSD variants. The Armis article mentions IPnet and Interpeak (a Swedish company acquired by Wind River for the network code). A quick Google DuckDuckGo search returned a source directory on a Chinese (warez?) server, so I will not link it here, but the boiler plate in those files shows no indication of BSD heritage.

2 Likes

This topic was automatically closed after 5 days. New replies are no longer allowed.