Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption

Vendor: ARM Vendor URL: https://os.mbed.com/ Versions affected: Prior to 5.15.2 Systems Affected: ARM Mbed OS Author: Ilya Zhuravlev Risk: High Summary: The ARM Mbed operating system contains a USB Mass Storage driver (USBMD), which allows emulation of a mass storage device over USB. This driver contains a three (3) memory safety vulnerabilities, allowing adversaries with … Continue reading Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption

Research Report – Zephyr and MCUboot Security Assessment

Over the years, NCC Group has audited countless embedded devices for our customers. Through these security assessments, we have observed that IoT devices are typically built using a hodgepodge of chipset vendor board support packages (BSP), bootloaders, SDKs, and an established Real Time Operating System (RTOS) such as Mbed or FreeRTOS. However, we have recently … Continue reading Research Report – Zephyr and MCUboot Security Assessment