Backdoor found in Curiosity rover OS

Nasa’s Curiosity rover has been on the surface of mars since August 6, 2012, just a little over three years since the landing. During this time Curiosity has been the main part of Nasa’s mars exploration program to assess if mars has an environment able to support small life forms. So far the lone rover has been working away at this task and everyone was satisfied. However recently there have been serious security flaws discovered within VXWorks, a real-time operating system made by Wind River of Alameda, California, US, in 1987. This OS not only is running on the Curiosity rover, it is also installed on machines that range from network routing to Boeing 787 Dreamliners. Scary stuff right? Using this security flaw hackers could get into a 787’s system and have the potential of taking the entire jet down, which is terrifying, or getting into Curiosities OS and being able to set back Nasa’s Mars team possibly months of research by messing with the rover.

hacking-vxworks-Curiosity-rover-os

The flaw was first shown at 44con by a Canadian researcher Yannick Formaggio. Yannick said “VxWorks is the world’s most widely used real-time operating system deployed in embedded systems. Its market reach spans across all safety critical fields, including the Mars Curiosity rover.” The flaw allowed Formaggio “to target a specific part of the operating system and write to memory on the machine running VxWorks. From there, it was possible to set up a backdoor account and control functions of the operating system.” as Formaggio quoted.

Seeing these kinds of vulnerabilities in such fragile systems is very scary. This means a hacker could setup a backdoor account and cause massive harm to anything they wanted. They could take control of parts of aircraft that run VxWorks, they could tamper with complex network routing systems, even the Curiosity rover if they wanted to. As you could imagine this doesn’t look good on VxWorks part but they have said that they are working on providing patches to all the machines that currently are affected by this flaw.

James O’Brien

source: http://www.ehackingnews.com/2015/09/security-bug-allows-hackers-to-take.html

Advertisements