Dive into VxWorks Based IoT Device: Debug the Undebugable Device

Presented at Black Hat Asia 2019, March 29, 2019, 9 a.m. (60 minutes)

VxWorks is the industry's leading real-time operating system. It is widely used in industry scenarios that require real-time, deterministic performance and, in many cases, safety and security certifications. There has been a great deal of research on Linux-based routers and cameras, but research on VxWorks-based devices is rarely seen.

Most VxWorks-based IoT devices on the market do not contain any built-in debugger such as WDB (the VxWorks WDB Debug Agent) or a command-line debugger. Without a debugger, it is almost impossible to analyze the root cause of a vulnerability or to exploit vulnerabilities.

Our talk introduces how to find vulnerabilities with memory fuzzing and how to debug VxWorks-based IoT devices that have no built-in debugger.


Presenters:

  • Ruikai Liu - Security Researcher, Ping An Technology Galaxy Lab
    Ruikai Liu is a security researcher of PAGalaxyLab, mainly focused on Android security and static analysis.
  • Jiashui Wang - Senior Security Expert, Ant-Financial Light-Year Security Lab
    Jiashui Wang (a.k.a. Quhe) is a team leader at Ant-Financial Light-Year Security Lab. His major experience includes mobile security and vulnerability hunting. He has reported several vulnerabilities in Samsung/Google/Twitter/Tencent/360 products, which were confirmed and credited in multiple advisories. In the past, he led the team to pwn several Android devices by remote attack. He has also shared research at conferences such as Black Hat USA, Black Hat Asia, CanSecWest, HITCON, and ZeroNights.
  • Yu Zhou - Security Engineer, Ant-Financial Light-Year Security Lab
    Yu Zhou is a security engineer at Ant-Financial Light-Year Security Lab, mainly focused on fuzzing techniques, AI security and ICS security. He has received a couple of credits from Microsoft, Google, Apple and some other ICS vendors. MSRC top 100.
  • Wenzhe Zhu - Security Researcher, Ping An Technology Galaxy Lab
    Wenzhe Zhu is a security researcher of PAGalaxyLab, mainly focused on fuzzing techniques and ICS security.
