Kill Latest MPU-based Protections in Just One Shot: Targeting All Commodity RTOSes

...In this talk, we will present severe security flaws that are universally present in the latest protections of commodity RTOSes, including Amazon's FreeRTOS, ARM's MbedOS, Microsoft's Azure ThreadX, Samsung's TizenRT, and rt-thread. These flaws encompass MPU misconfiguration, the absence of permission checks during mode switching, and more. We will describe our exploitation technique that takes advantage of these security flaws to easily escalate privilege and achieve arbitrary read and write. Through live-demos, we will showcase such exploitation targetting real-world products.... …

amazon arm azure flaws kill latest microsoft misconfiguration mode permission samsung security security flaws targeting