Slashdot Mirror


Firmware Vulnerability In Popular Wi-Fi Chipset Affects Laptops, Smartphones, Routers, Gaming Devices (zdnet.com)

Embedi security researcher Denis Selianin has discovered a vulnerability affecting the firmware of a popular Wi-Fi chipset deployed in a wide range of devices, such as laptops, smartphones, gaming rigs, routers, and Internet of Things (IoT) devices. According to Selianin, the vulnerability impacts ThreadX, a real-time operating system that is used as firmware for billions of devices. ZDNet reports: In a report published today, Selianin described how someone could exploit the ThreadX firmware installed on a Marvell Avastar 88W8897 wireless chipset to execute malicious code without any user interaction. The researcher chose this WiFi SoC (system-on-a-chip) because this is one of the most popular WiFi chipsets on the market, being deployed with devices such as Sony PlayStation 4, Xbox One, Microsoft Surface laptops, Samsung Chromebooks, Samsung Galaxy J1 smartphones, and Valve SteamLink cast devices, just to name a few.

"I've managed to identify ~4 total memory corruption issues in some parts of the firmware," said Selianin. "One of the discovered vulnerabilities was a special case of ThreadX block pool overflow. This vulnerability can be triggered without user interaction during the scanning for available networks." The researcher says the firmware function to scan for new WiFi networks launches automatically every five minutes, making exploitation trivial. All an attacker has to do is send malformed WiFi packets to any device with a Marvell Avastar WiFi chipset and wait until the function launches, to execute malicious code and take over the device.
Selianin says he also "identified two methods of exploiting this technique, one that is specific to Marvell's own implementation of the ThreadX firmware, and one that is generic and can be applied to any ThreadX-based firmware, which, according to the ThreadX homepage, could impact as much as 6.2 billion devices," the report says. Patches are reportedly being worked on.

100 comments

  1. Were are Marvell chipsets popular? by Anonymous Coward · · Score: 0

    Spent over a month researching popular wifi adapters. Not even once did I find an adapter using any model of chipset from Marvell. So the claim that this chipset model is very popular is bull.

    On the midrange side, Realtek chipsets (which have crappy drivers) were the king.

    1. Re: Were are Marvell chipsets popular? by Anonymous Coward · · Score: 0

      Rinse, repeat?

    2. Re:Were are Marvell chipsets popular? by Desler · · Score: 1

      Maybe you should have read the summary?

      this is one of the most popular WiFi chipsets on the market, being deployed with devices such as Sony PlayStation 4, Xbox One

      That alone is more than 100 million devices.

    3. Re: Were are Marvell chipsets popular? by Anonymous Coward · · Score: 0

      Wow taking over the WiFi eh?

    4. Re:Were are Marvell chipsets popular? by Narcocide · · Score: 1

      Hint: this means the manufacturers using it are embarrassed to advertise it on the box.

    5. Re:Were are Marvell chipsets popular? by Anonymous Coward · · Score: 0

      "Spent over a month researching popular wifi adapters." -- That by itself proves you're a moron, if true

    6. Re: Were are Marvell chipsets popular? by Anonymous Coward · · Score: 0

      Well aren't you special?

    7. Re: Were are Marvell chipsets popular? by Anonymous Coward · · Score: 0

      It actually proves that you are too dumb and ignorant about the real world and about simple known facts like lots of people have jobs testing things for a variety of reasons.

    8. Re:Were are Marvell chipsets popular? by Anonymous Coward · · Score: 5, Informative

      Realtek is the lowest end. Those are the NICs you find on eBay or Amazon for a few bucks that usually have a name randomly generated from a syllable table. You'll also find them rebranded in non-dedicated-IT physical stores for $30. They shift a lot of them because they are the cheapest of the cheap and practically every no-name device has a little RTL crab in it somewhere. Many cheapo all-in-one motherboards have them too and a handful of other integrated devices.

      Marvell are still cheap and cheerful but a lot more popular for integrated devices. Marvell not so much for NICs, though I have seen a few. They're a lot more popular in cheap APs and other network devices than RTL as well. A lot more integrated devices are sold these days than discrete NICs.

      Atheros, Broadcom and Intel is where midrange (or the low end of enterprise), starts. Atheros and Broadcom do also have a fair representation in the consumer space, but they're seen in the high end enthusiast stuff rather than budget conscious, high volume garbage.

    9. Re: Were are Marvell chipsets popular? by Anonymous Coward · · Score: 0

      You just prove that you are too moronically stupid ... since I didn't write the original post.

    10. Re:Were are Marvell chipsets popular? by Anonymous Coward · · Score: 0

      LOL, what is a hacker going to do? Steal some children's little video games?

      Let me know when people with actual real things of value are at risk.

    11. Re: Were are Marvell chipsets popular? by Anonymous Coward · · Score: 0

      Dumbass. Large numbers of zombie machines can be used for DoS and distributed hacks.

    12. Re: Were are Marvell chipsets popular? by Anonymous Coward · · Score: 0

      Well, it seems the so called garbage is better than Marvell isn't it?

    13. Re:Were are Marvell chipsets popular? by Dustie · · Score: 2

      Realtek is the lowest end.

      Many cheapo all-in-one motherboards have them too

      Some (most?) of the best motherboards (for builders, overclockers, etc.) have Realtek net and audio. Mine has Realtek and some crappy extras besides what the chipset supports for USB, SATA, net, etc. Those crap ones are Marvell and an Intel NIC that is even worse than going back to token ring. Saying "Intel > Marvell > Realtek" tells me you have no clue what you are talking about. That's like saying a rocket is faster than a spoon. Well not for eating with!

    14. Re:Were are Marvell chipsets popular? by arglebargle_xiv · · Score: 1

      Spent over a month researching popular wifi adapters. Not even once did I find an adapter using any model of chipset from Marvell. So the claim that this chipset model is very popular is bull.

      Spent over a month researching the cars parked on the street outside my house. Not even once did I find a car made by Toyota. So the claim that Toyota makes cars is bull.

    15. Re:Were are Marvell chipsets popular? by schweini · · Score: 1

      What exactly is the difference between low-end and higher-end NIC chipsets, as long as they manage their stated throughput speeds? The linux drivers are all open source and stable enough from what I can see?

      IIRC, some chipsets (or cards?) offload things like packet checksumming to dedicated silicon, hence reducing CPU load - but I can't remember having seen network traffic ever using any noticeable CPU load?

    16. Re: Were are Marvell chipsets popular? by Anonymous Coward · · Score: 0

      DC adapters are more popular than Marvel(l). ;)

  2. Don't use wifi by AHuxley · · Score: 1

    Enjoy some of the security of ethernet.

    --
    Domestic spying is now "Benign Information Gathering"

    1. Re:Don't use wifi by jfdavis668 · · Score: 3, Funny

      For real security, go back to Token-Ring.

    2. Re:Don't use wifi by Anonymous Coward · · Score: 0

      Don't forget to lock your token in the basement so it can't get out.

    3. Re:Don't use wifi by Anonymous Coward · · Score: 1

      For actual security, I do all my internet browsing offline, inside a Faraday cage, deep underground in my backyard bunker.

    4. Re:Don't use wifi by Cmdln+Daco · · Score: 1

      You can download and browse the entire Wikipedia offline. It all will fit on a medium sized SD card on your phone.

    5. Re:Don't use wifi by DontBeAMoran · · Score: 1

      Funny how the definition of "medium sized SD card" changes with each passing year.

      --
      #DeleteFacebook

    6. Re:Don't use wifi by Anonymous Coward · · Score: 0

      I thought all SD cards were the same size... then I found this on the (online) wikipaedia page:

      Most SD cards are 2.1 mm (0.083 inches) thick, compared to 1.4 mm (0.055 inches) for MMCs. The SD specification defines a card called Thin SD with a thickness of 1.4 mm, but they occur only rarely, as the SDA went on to define even smaller form factors.

      So a "medium sized" SD card would be around 32 mm × 24 mm x 1.8 mm, I suppose. Unless a "medium" is supposed to be between SD and Micro-SD?

    7. Re: Don't use wifi by Anonymous Coward · · Score: 0

      On Moses' tablet...

  3. I'm sorry for posting this spam... apk by Anonymous Coward · · Score: 0

    See subject: Everyone who assumed I'm responsible for posting this anti-Jew spam is correct. I'm a bitter, hateful little man & I'm ashamed of myself. I won't do this again.

    * Jews are wonderful people but I attack them because I have a MASSIVE inferiority complex. I'm wrong & I'm SORRY for flooding /. with this drivel. I won't do it again. I shouldn't be stalking amicusNYCL, either & I'll stop.

    I'm also SORRY for flagrantly SHITPOSTING about my third rate string concatenation & sorting program. It's all I have to show for life & I'm in my mid 50s.

    APK

    P.S.=> I truly am a garbage human being... apk

    1. Re: I'm sorry for posting this spam... apk by Anonymous Coward · · Score: 0

      APK blamed himself for the anti-Jew spam, dumbass. Or are you incapable of reading APK's apology for yourself? As for you, I hope you catch Ebola and die an extremely painful death.

    2. Re: I'm sorry for posting this spam... apk by Anonymous Coward · · Score: 0

      2 things are certain: You can't deny fact https://it.slashdot.org/commen... + you'ill end up in furnaces as your history shows.

  4. Fantasy by eclectro · · Score: 1, Insightful

    Patches are reportedly being worked on.

    Since when are any of these consumer devices' firmware actually upgradable??

    Maybe we need to have manufacturers buy everyone new devices so they'd actually learn their lesson.

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"

    1. Re:Fantasy by Desler · · Score: 2

      They've been upgradeable for decades.

    2. Re:Fantasy by Fly+Swatter · · Score: 1

      They all are - most firmware is loaded at runtime like a windows modem - it's just a matter of the manufacturer putting out a software update, which probably brings us to your point...

    3. Re:Fantasy by Kaenneth · · Score: 1

      Just drive around with the exploit, and when you have taken control, patch it.

    4. Re:Fantasy by Anonymous Coward · · Score: 0

      Nope. Put the source code for every product in escrow.
      The moment a fatal CVE is issued, and there is no patch forthcoming (it does not matter - not available means that) the code is in the public domain. If this does not happen, people can return devices for a full refund.

    5. Re:Fantasy by tlhIngan · · Score: 1

      Patches are reportedly being worked on.

      Since when are any of these consumer devices' firmware actually upgradable??

      Maybe we need to have manufacturers buy everyone new devices so they'd actually learn their lesson.

      Why? I'm sure Sony and Microsoft will update their game consoles - both are supported devices still and can be updated during the next software update that gets pushed out. I'm pretty certain the Microsoft Surface will be updated as well.

      Ditto the Chromebook since that gets regular updates.

      Maybe the smartphone won't get updates, but everyone else pretty much will.

    6. Re:Fantasy by shplopt · · Score: 1

      Is there a name for that? Peacedriving perhaps?

    7. Re:Fantasy by DontBeAMoran · · Score: 1

      I propose "patchdriving".

      --
      #DeleteFacebook

  5. Re: Shut up, APK by Anonymous Coward · · Score: 0

    Go hang yourself.

  6. Express Logic Announces THREADX® MISRA Compli by Pinky's+Brain · · Score: 4, Funny

    https://rtos.com/news/express-...

    Once again proving, the only way to safely use C is by only hiring 200 IQ coders who have been developing firmware for 30 years and have never created an exploitable bug in their entire life. Like all the developers who will argue me on this ... there's just not enough of you guys to go around though.

  7. Re:Express Logic Announces THREADX® MISRA Com by Desler · · Score: 2

    So by this logic Java is also not safe for anyone to use either, no? You didn't forget that the massive Equifax hack was due to a remote code execution vulnerability in Apache Struts which is written entirely in Java, right?

    https://blogs.apache.org/found...

  8. Re:Express Logic Announces THREADX® MISRA Com by Desler · · Score: 0

    Oh and back in August 2018 there was this other beauty of a bug in Apache Struts:

    https://threatpost.com/apache-...

    I bet the flaws exploited in the 100%-Java-code Apache Struts have caused far more widespread harm to consumers than this WiFi firmware bug.

  9. Re:Express Logic Announces THREADX® MISRA Com by Desler · · Score: 0

    Oh and here's an RCE flaw in 100%-Java-code Apache Tomcat:

    https://threatpost.com/apache-...

    If even the Apache Foundation can't write secure Java code why should we expect an average-skilled Java coder is able to?

    This game is fun. Shall I start listing comparable security bugs in software written in Ruby, Python and other such supposedly "safe" languages?

  10. Re:Express Logic Announces THREADX® MISRA Com by Desler · · Score: 1

    Oh and even Heartbleed can claim but a small fraction of the damage that the Struts bug did with the breadth of the Equifax breach.

  11. ThreadX RTOS by duke_cheetah2003 · · Score: 4, Interesting

    If I'm reading this correctly, the blame for these exploits is being squarely placed on this ThreadX RTOS thing.

    Well, you signed up for proprietary operating system, this is what you get when you do that. This is the downside of using code you can't look at and assess yourself, or have it assessed by professionals. You just have to take their word for it that it's secure, stable and good. Obviously, this particular proprietary operating system is not secure.

    Must say, I'm mildly surprised. Checking out ThreadX RTOS website, they seem to have all sorts of fancy certifications which I have no idea what mean, but surely they mean something? Just not secure and exploit free operating system?

    1. Re:ThreadX RTOS by thegarbz · · Score: 2

      Well, you signed up for proprietary operating system, this is what you get when you do that.

      What makes you think that if the OS were non proprietary that the companies in question would have bothered to go through and debug the source code? The many eyes theory has been proven false over and over again in open source.

      Have *you* gone through the Linux kernel line by line? Or are you making an assumption that someone, somewhere who is competent has done a good job?

    2. Re:ThreadX RTOS by Anonymous Coward · · Score: 0

      I don't think it's accurate to say that it's an OS exploit. An OS data structure is overwritten in the attack, but the application does that. Isolation features are typically not present in embedded systems which are that small.

    3. Re:ThreadX RTOS by Anonymous Coward · · Score: 1

      I used ThreadX back in the day. Not sure this is still the case but they used to give you a copy of the source code when licensed. It was proprietary but you could definitely look at the source.

    4. Re:ThreadX RTOS by Anonymous Coward · · Score: 0

      Humans will always make mistakes. Anything made by humans will always have flaws. So the end result of your train of thought is to use nothing. That is a stupid way to live. You structure your life so that when the mistakes that will happen do happen then the result isn't horrible.

    5. Re:ThreadX RTOS by BadDreamer · · Score: 1

      The many eyes theory has been proven false over and over again in open source.

      In fact it has been proven TRUE over and over again in open source. When a project is popular and well used, bugs (which all are security risks; the only difference between them is magnitude) get rooted out very efficiently.

      And wifi modules are incredibly popular. If these had been running an open source OS, immense amounts of scrutiny would have been applied.

      Sure, unpopular projects and products do not get a lot of attention. There bugs can thrive. But the difference there is, if security is important to me, I can hire someone to look over the open source code - and even a cheap analysis using static tools performed by someone who knows what they're doing will make a huge difference. With closed source, on such products, it will be very hard to perform any kind of security review.

    6. Re:ThreadX RTOS by thegarbz · · Score: 1

      In fact it has been proven TRUE over and over again in open source. When a project is popular and well used, bugs (which all are security risks; the only difference between them is magnitude) get rooted out very efficiently.

      Look just claiming something doesn't make it so. Maybe have data to back it up? I know I know you would struggle to prove a false, but if the CVEs on OpenSSL, and Bash (just to name 2 very high profile cases recently) are anything to go by your statement could not be more wrong.

      Now to be fair the bugs are shallow statement is misrepresented. Linus's law specifically talked about beta testing and problems, not covert security vulnerabilities. But the misrepresented version has been proven false over and over again, and to claim otherwise is an incredible display of .... selective attention (even ignorance couldn't get someone this wrong).

      if security is important to me, I can hire someone to look over the open source code

      Did you? I bet you didn't. The number of opensource projects which have received complete independent security audits can be counted on one hand, and the most high profile case of this took so long that the results didn't even come in before the project was formally abandoned (over 2 years).

      With closed source, on such products, it will be very hard to perform any kind of security review.

      A concern which would be more valid if anyone demonstrates that security reviews are being performed on open source software.

    7. Re:ThreadX RTOS by BadDreamer · · Score: 1

      Linus does not differentiate between bugs and bugs. They are all bugs.

      And yes, I did look over open source code. And my employer did, on my recommendation. Some of those applications are now in-house maintained, as they have been abandoned. Others, the patches have been given back to the project.

      The point is not that security reviews are performed on open source software. I have not claimed that routinely happens (though companies I have worked for do them all the time). The point is, when I need to use a product or project for a security sensitive implementation, I have the ability to perform a security audit. Since I usually work where we have such expertise in-house, we can perform that, and depending on the state of the project either give back to the project or maintain our own patches.

    8. Re:ThreadX RTOS by dog77 · · Score: 1

      Well, you signed up for proprietary operating system, this is what you get when you do that. This is the downside of using code you can't look at and assess yourself, or have it assessed by professionals.

      ThreadX does distribute its source.

      From https://en.wikipedia.org/wiki/... ThreadX is distributed using a marketing model in which source code is provided and licenses are royalty-free.

    9. Re:ThreadX RTOS by dog77 · · Score: 1

      If I'm reading this correctly, the blame for these exploits is being squarely placed on this ThreadX RTOS thing.

      I think you are reading it incorrectly and the summary is misleading. This is NOT a ThreadX bug:

      From https://embedi.org/blog/remote...
      So, we have 2 techniques to exploit ThreadX block pool overflow. One is generic and can be applied to any ThreadX-based firmware (in case it has a block pool overflow bug, and the next block is free). **Emphasis on: "in case it has a block pool overflow bug"

    10. Re:ThreadX RTOS by Anonymous Coward · · Score: 0

      > Well, you signed up for proprietary operating system, this is what you get when you do that. This is the downside of using code you can't look at and assess yourself ...

      According to their website (https://rtos.com/solutions/threadx/licensing), the licensing for ThreadX is royalty-free and comes with complete source code, so it may be proprietary but "using code you can't look at" doesn't appear to be an issue.

  12. Re:Express Logic Announces THREADX® MISRA Com by Pinky's+Brain · · Score: 1

    Type errors are unavoidable, buffer overflows are unavoidable in (MISRA) C.

  13. PS4 and Xbox patches soon by Anonymous Coward · · Score: 0

    If there is even a remote possibility of using this to own current gen consoles remotely then I'd expect patches within days not weeks. Imagine wardriving your local neighborhood and gaining WiFi access to any house with a games console in five minutes. Perfect for the TLAs though eh.

    1. Re:PS4 and Xbox patches soon by EETech1 · · Score: 1

      Or to try and jailbreak the console.

    2. Re:PS4 and Xbox patches soon by Anonymous Coward · · Score: 0

      This is only an exploit for the wireless chip itself, not the main system.

    3. Re:PS4 and Xbox patches soon by EETech1 · · Score: 1

      I know, but it is another opportunity to control an interface to the processor.

      There was another console that was defeated by a faulty USB stack.

      Think of all the fun someone could have being able to send whatever they want into the wireless stack of the main processor after it has been booted.

      You're not giving some very smart console hackers credit!

    4. Re:PS4 and Xbox patches soon by drinkypoo · · Score: 1

      Anything you can get into that can do DMA can get into the system if they misuse the IOMMU, but if they get that right, the wireless chip seems to be of little value. But maybe you could make it claim to be some other peripheral...

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

  14. Oh dear by Anonymous Coward · · Score: 4, Insightful

    Certified by SGS-TUV Saar for use in safety-critical systems and achieved EAL4+ Common Criteria security certification. Oops. There goes your pacemaker.

  15. Re:Express Logic Announces THREADX® MISRA Com by Anonymous Coward · · Score: 0

    Got any for C#?

  16. Good news! by Anonymous Coward · · Score: 0

    NSA and peer agencies: Good news! The system is working as intended!

  17. Re:Express Logic Announces THREADX® MISRA Com by Desler · · Score: 0

    And yet, the Struts vulnerability caused massively more damage to more people.

  18. Re:Express Logic Announces THREADX® MISRA Com by Desler · · Score: 1

    Type errors are unavoidable,

    And yet in the real world they aren't as numerous CVEs can attest. I can also find numerous other causes of security vulnerabilities due to SQL injection, etc. as well. All in software supposedly written by the cream of the crop of these "safe" languages.

    It's almost as if the entire base of your argument is bullshit.

  19. Re:Express Logic Announces THREADX® MISRA Com by Waffle+Iron · · Score: 2

    You seem to really be obsessing over this issue.

    It's like arguing that cars shouldn't have safety belts and airbags, since you can never rule out the chance that you might die of a heart attack while you're driving.

  20. Re:Express Logic Announces THREADX® MISRA Com by Pinky's+Brain · · Score: 1

    Oh yeah, SQL has been nearly as destructive as C ... no argument there. The native use of it in web front ends makes certain types of disastrous errors very easy to make.

  21. 2-4KB of RAM & $300 million risk limits OS cho by raymorris · · Score: 4, Interesting

    > they seem to have all sorts of fancy certifications which I have no idea what mean, but surely they mean something?

    Mostly they mean that you can depend on it running perfectly reliably, so you can trust your $300 million space probe to ThreadX.

    You may have also noticed ThreadX takes 2KB of memory.

    When your system requirements are the kind of thing ThreadX is designed for, you don't have a ton of options. Maybe three will be worth considering, and likely one will be the best fit, just on technical considerations.

  22. Re:Express Logic Announces THREADX® MISRA Com by Pinky's+Brain · · Score: 3, Insightful

    You can interpret data in an incoming packet as code for a domain language in any programming language. There is no language feature which caused this and for which alternatives have been actively researched for decades but held back by curmudgeons.

    The same can not be said for buffer overflows.

  23. Re: No, Really, GTFO. by Anonymous Coward · · Score: 0

    He was right, you're a fucking idiot. Stop being a chink goof.

  24. Re:2-4KB of RAM & $300 million risk limits OS by AmiMoJo · · Score: 2

    It makes me wonder if they really needed an RTOS for this. In my experience often the RTOS is just a crutch for programmers who don't know how to survive without an OS. It's actually needed for what they want to do, and in fact tends to just make things worse.

    Of course there are times when you want one. Stuff that takes a long time and which you can't easily break up into smaller steps, which wifi stuff seems like it might be a good fit for.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC

  25. Re:Express Logic Announces THREADX® MISRA Com by Anonymous Coward · · Score: 0

    Driver auto safety constraints increase by 11% age-challenged oldsters chances of heart-attack while driving. Not-nice to increase pressure on decrepit blood-flow.

  26. Re:2-4KB of RAM & $300 million risk limits OS by Anonymous Coward · · Score: 0

    Any state machine can be considered as an "operating system", actually. Even very simple CMOS chips have undefined states that are undocumented, and that can possibly be exploited to make the chip do something it is not expected to do. This is an "OS hack".

    The problem with a wifi chip is that an exploit can lead to exposure of valuable information - information is sent unencrypted between the CPU and the chip, and can be extracted. Specifically, wifi passwords. Once you get access to a wifi password, you can connect to the wifi network using a normal computer and have fun.

  27. Re:Express Logic Announces THREADX® MISRA Com by thegarbz · · Score: 1

    the only way to safely use C

    I know. Our firmware should be coded by highschoolers using Rust. Then it'll be 100% bug free and safe.

  28. Re:2-4KB of RAM & $300 million risk limits OS by thegarbz · · Score: 2

    Abstraction adds safety. The closer to your hardware you get the more complicated and quirky edge cases you need to handle and debug. The library principle applies here too. e.g. you don't want every idiot reinventing openssl the end result would be very bad. Instead by abstracting yourself and building on the platform of others you have not only reduced the chance of bugs in your code, you've increased consistency between your products and platforms while also dramatically simplifying the process of bug fixing.

  29. This is why we need opensource firmware by aglider · · Score: 1

    That's it.

    --
    Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.

  30. Re:Express Logic Announces THREADX® MISRA Com by Pinky's+Brain · · Score: 1

    Firmware relevant to your well-being will get coded by the equivalent of those highschoolers any way. You celebrate the continued use of C and giving those kids all the tools to harm you with. I think the necessity for replacing C in most fields should have been clear to the industry since before the current crop of highschoolers was born.

  31. WLAN needs to be on separate processor by Anonymous Coward · · Score: 0

    A good assumption when designing an IoT device is this: At some point a bug will be found that allows remote execution of malicious code on the chip that handles the communications with the outside world. You need to take this into account and design accordingly.

    Split the tasks between a physically separate communication processor and another chip responsible for the rest of the functionality of the IoT device. Take into account that the communication processor might try to make a denial-of-service attack through the bus connecting it to the main processor.

    Security by layers. A successful attack against the outer layer should not compromise everything. Saving a few dollars here is no reason to use the same processor for everything.

  32. Re:Express Logic Announces THREADX® MISRA Com by thegarbz · · Score: 1

    Take away people's guns and they'll just stab you. Your notion that if avoid writing in C (especially in low level systems like this) everything will be better is just stupid.

  33. Re: Express Logic Announces THREADX® MISRA Co by Anonymous Coward · · Score: 0

    Putting on a seat belt doesn't limit your car to 10kph while using 10x as much gas.

  34. Everyone with this chipset is at risk! by DontBeAMoran · · Score: 1

    Then proceeds to only list a few devices using that chipset, not a complete list.

    What the fuck are we supposed to do with this information?

    --
    #DeleteFacebook

  35. Wonderful! by Locke2005 · · Score: 1

    Guess what chipset the newest HP printers are using?

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.

  36. Re:2-4KB of RAM & $300 million risk limits OS by AmiMoJo · · Score: 1

    That works on bigger systems where you have hardware support for abstraction, things like memory protection.

    Without it the abstraction doesn't help. A bad pointer can still trash another task. Maybe other tasks can still run even if one hangs, but now you need a two level watchdog system to save that task and to save the OS in case that gets stuck.

    As for libraries, sure for openssl, but does openssl need an RTOS just to be ported? And are you going to maintain that port? Makes more sense to shove stuff like that further up the chain into the real OS, not run it on the embedded processor.

    Testing can be very difficult with an RTOS. Timing changes as tasks go active and inactive. It's near impossible to get 100% coverage of all possible timing patterns and interactions.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC

  37. Re: W(h)ere are Marvell chipsets popular? by Anonymous Coward · · Score: 0

    Sigh. These devices are full blown, relatively powerful, though purpose built, computers. They have the capacity to steal and store data, then send the data to the operator of the malware installed via this exploit.
    The good news is that the companies using them are big enough to demand a firmware fix, or mitigate the issue in a patch to the OS if an update isn't possible.
    Still...#pcmasterrace

  38. Re:2-4KB of RAM & $300 million risk limits OS by thegarbz · · Score: 1

    A bad pointer can still trash another task. Maybe other tasks can still run even if one hangs, but now you need a two level watchdog system to save that task and to save the OS in case that gets stuck.

    What we could do is collect all of these functions in a common structure and run it on our hardware. Let's give it a fancy name like "Operating System".

  39. This is one reason 4 ath9k and ath9k-htc hardware by Anonymous Coward · · Score: 0

    While there aren't many sources for devices with Atheros chipsets today based around these drivers/firmwares, there is a complete set of source code available thanks to ThinkPenguin's efforts, and they still do sell wifi adapters and cards with these chipsets. Unfortunately none of the newer chips have a complete set of source code available and nobody has been cooperative in releasing a complete set of code. The FCC didn't help things either by mandating router lock downs. And no matter what BS propaganda, that is effectively what was required even if the wording was otherwise and companies deceived users into thinking that they solved this problem. Making something read-only does not really solve the problem as you still are executing code that you do not have from a security and privacy perspective. You still don't have full control over your own devices.

  40. Selianin by Anonymous Coward · · Score: 0

    Selianin in Bulgarian means "Red neck", so he is Denis Redneckski

  41. Re:2-4KB of RAM & $300 million risk limits OS by Ungrounded+Lightning · · Score: 2

    It makes me wonder if they really needed an RTOS for this.

    Running on an RTOS ENORMOUSLY simplifies things when you have multiple, independent (or mostly independent), things you have to manage in real time.

    The task or task set managing each of these independent things can be written without regard for any of the other stuff going on, except for those tiny and well-contained places where it must communicate with another task handling something related. Meanwhile the OS handles the resource allocation, scheduling, and inter-task communication.

    With a good set of patterns to program to, everything gets broken into simple and tiny pieces, small enough to understand and make reliable. The simplicity lets you avoid gobs of on-the-fly checking program bloat, and get a lot done very quickly with minimal resource.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  42. Re:Express Logic Announces THREADX® MISRA Com by Anonymous Coward · · Score: 0

    Your entire argument is a strawman. You're cherry picking random examples instead of looking at overall stats. The rates and ease of creating security bugs in these couple languages far exceeds other languages. They should not be used how they're being used. There are better options out there and if for some reason there isn't, then make one.

  43. Re: Don't use wifica by bn-7bc · · Score: 1

    Well obviously, otherwise they would not fit in the slots/readers. I think the poster you responded to meant capacity, not physical size. I often make that simplification myself since most storage media comes in a standard form factor (have you for instance seen any SATA SSDs, not counting M.2 and PCIe, that were anything other than 2.5 inches wide?). I admit it is technically inaccurate to say size when you mean capacity, but unfortunately making people care is about as easy as making the US change to the metric system or even to change from measuring temperature in Fahrenheit to Celsius (personally I tend to find metric and Celsius more convenient; could just be habit, at least for temperature, but when it comes to other measurements metric just makes conversion between units simpler, for example one liter = (.1)^3 m^3, or 1 m^3 = 1000 liters; now how many pints are there in a cubic yard again?). Whoops, went a bit OT there, sorry about that. Have a nice day.

  44. Re:Express Logic Announces THREADX® MISRA Com by Pinky's+Brain · · Score: 1

    Stab resistant vests are lighter than bullet resistant ones.