34C3 - Taking a scalpel to QNX

Description:

https://media.ccc.de/v/34c3-8730-taking_a_scalpel_to_qnx

Analyzing & Breaking Exploit Mitigations and Secure Random Number Generators on QNX 6.6 and 7.0

In this talk we will present a deep-dive analysis of the anatomy of QNX: a proprietary, real-time operating system aimed at the embedded market used in many sensitive and critical systems, particularly within the automotive industry.

We will present the first reverse-engineering and analysis of the exploit mitigations, secure random number generators and memory management internals of QNX versions up to and including 6.6 and the brand new 64-bit QNX 7.0 (released in March 2017) and uncover a variety of design issues and vulnerabilities.

QNX is a proprietary, closed-source, Unix-like real-time operating system aimed at the embedded market. It is found in everything from BlackBerry products, carrier-grade routers and medical devices to military radios, UAVs and nuclear power plants. On top of that, it dominates the automotive market and is found in millions of cars.

While some prior security research has discussed QNX, mainly as a byproduct of BlackBerry mobile research, there is no prior work on QNX exploit mitigations or its secure random number generators.

This talk seeks to close that gap by presenting the first reverse-engineering and analysis of the exploit mitigations, secure random number generators and memory management internals of QNX. We dissect the NX / DEP, ASLR, Stack Cookies and RELRO mitigations as well as the /dev/random and kernel PRNGs.

We subsequently uncover a variety of design issues and vulnerabilities in these mitigations and PRNGs, which have significant implications for the exploitability of memory corruption vulnerabilities on QNX as well as the strength of its cryptographic ecosystem. Finally, we provide information on patches and hardening measures available to defenders seeking to protect their QNX-based systems against the discussed issues.

Jos Wetzels, Ali Abbasi

https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8730.html

Video Language:
English
Duration:
46:18