www. O S N E W S .com
News Features Interviews
BlogContact Editorials

Dissecting QNX
By Thom Holwerda on 2018-09-19 22:08:51

This work concerns a dissection of QNX's proprietary, real-time operating system aimed at the embedded market. QNX is used in many sensitive and critical devices in different industry verticals and while some prior security research has discussed QNX, mainly as a byproduct of BlackBerry mobile research, there is no prior work on QNX exploit mitigations and secure random number generators. In this work, carried out as part of the master's thesis of the first author, we present the first reverse-engineering and analysis of the exploit mitigations, secure random number generators and memory management internals of QNX versions up to and including QNX 6.6 and the brand new 64-bit QNX 7.0 released in March 2017. We uncover a variety of design issues and vulnerabilities which have significant implications for the exploitability of memory corruption vulnerabilities on QNX as well as the strength of its cryptographic ecosystem.

This scientific article is not for people with short attention spans.

21  Comments - Printer friendly - Related stories
Recent related stories
- Building a QNX 7 desktop - 2017-04-28
- BlackBerry QNX SDP 7.0 released - 2017-03-31
- Implementing Mutexes in the QNX Neutrino Realtime OS - 2016-02-18
- Ford ditches Microsoft for QNX in latest in-vehicle tech platform - 2014-12-11
- QNX 6.6 released - 2014-03-12
- More related articles

Tell a friend
Your full name:
Your email address:
Your friend's email:
Anti-spam measure:

News Features Interviews
BlogContact Editorials

WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?