A VxWorks Operating System Bug Exposes 200 Million Critical Devices

When major vulnerabilities show up in ubiquitous operating systems like Microsoft Windows, they can be weaponized and exploited, the fallout potentially impacting millions of devices. Today, researchers from the enterprise security firm Armis are detailing just such a group of vulnerabilities in a popular operating system that runs on more than two billion devices worldwide. But unlike Windows, iOS, or Android, this OS is one you've likely never heard of. It's called VxWorks.


VxWorks is designed as a secure, "real-time" operating system for continuously functioning devices, like medical equipment, elevator controllers, or satellite modems. That makes it a popular choice for Internet of Things and industrial control products. But Armis researchers found a cluster of 11 vulnerabilities in the platform's networking protocols, six of which could conceivably give an attacker remote device access and allow a worm to spread the malware to other VxWorks devices around the world. Roughly 200 million devices appear to be vulnerable; the bugs have been present in most versions of VxWorks going back to version 6.5, released in 2006.


Think of how the WannaCry ransomware used the EternalBlue Windows vulnerability to spread across networks and around the world. It's like that, but with firewalls, industrial equipment, and medical devices instead of Windows machines. The result could be anything from device malfunctions to full system takedowns.



Lily Hay Newman covers information security, digital privacy, and hacking for WIRED.

VxWorks developer Wind River is in the process of distributing patches for ..
