A security researcher discovered a serious yet simple flaw in
VxWorks, a real-time operating system for the Internet of Things, which an attacker could remotely exploit without needing any interaction with a user. The OS is used in everyday things like network routers to critical infrastructure as well in NASA’s
Curiosity Rover on Mars and Boeing 787 Dreamliners.
Searching for VxWorks via Shodan reveals about 100,000 internet-connected devices running the OS, but VxWorks supposedly
powers “billions of intelligent devices.” The researcher warned that the vulnerability “allows remote code execution on most VxWorks-based devices.”
