Stack Overflow Exploits for Wireless Sensor Networks Over 802.15.4Please email me, travis at utk.edu, if you are interested in attending a hands-on workshop later that evening.
Stack overflows have been a threat to security since the early 1980s,
but developers consistently leave such vulnerabilities open to attackers
because of mistakes in boundary checking. These mistakes are quickly
found and either fixed or exploited on servers and personal computers.
In industrial embedded systems, however, they are often left in deployed
products because of high replacement costs and the perceived difficulty
level of an attacker reaching the deployed system. IEEE 802.15.4,
Zigbee (R), ISA100 and wireless sensor networks using these protocols
are fertile ground for such exploits. This presentation presents an
application-layer protocol implementation that is vulnerable to a buffer
overflow, showing step-by-step how an attacker could write an exploit
that injects and executes arbitrary machine code over the air -- and how
you can prevent such an attack. The target system is a Telos B wireless
sensor node running TinyOS 2.x on the TI MSP430 microcontroller with a
TI/Chipcon CC2420 radio.
Wednesday, March 19, 2008
Speaking April 4th at UT, Knoxville
I'll be repeating my Texas Instruments Developer Conference talk in room 206 of Claxton Hall at the University of Tennessee, Knoxville on Friday, April 4th from five to seven o'clock for the local chapter of the ACM. The abstract follows: