Presented at
Black Hat USA 2021,
Aug. 4, 2021, 1:30 p.m.
(40 minutes).
<div><span>"BadAlloc" is our code name for a class of integer-overflow related security issues found in popular memory allocators' core functions such as malloc and calloc. BadAlloc vulnerabilities affect 17 different widely used real time operating systems (i.e., VxWorks, FreeRTOS, eCos), standard C libraries (i.e., newlib, uClibc, Linux klibc), IoT device SDKs (i.e., Google Cloud IoT SDK, Texas Instruments SimpleLink SDK) and other self-memory management applications (i.e., Redis). Some of these vulnerabilities go as far back as the early 90's and all of them collectively impact millions of devices worldwide, mainly IoT and embedded devices as this was our focus.</span></div><div><span><br></span></div><div><span>In this talk, we'll present some of the most interesting findings and discuss how we found them. We'll do a quick root-cause analysis for each of the selected cases and show, in high depth technical level, how this specific kind of vulnerability could be leveraged to a full-blown remote code execution exploit on affected systems. We'll discuss possible mitigation techniques and propose a method to check whether your application is affected by BadAlloc or similar vulnerability. Finally, a demo of a working RCE exploit will be presented.</span></div>
Presenters:
-
Tamir Ariel
- Security Researcher, Section 52 at Azure Defender for IoT, Microsoft
Tamir Ariel is a Malware Analyst and Reverse Engineer. Tamir is currently doing IoT vulnerability research in Section 52 at Azure Defender for IoT (CyberX).
-
Omri Ben-Bassat
- Security Researcher, Section 52 at Azure Defender for IoT, Microsoft
Omri Ben-Bassat is a Malware Analyst and Reverse Engineer with vast experience in dealing with nation-sponsored cyber attacks. Omri is currently doing IoT vulnerability research in Section 52 at Azure Defender for IoT (CyberX).
Links:
Similar Presentations: