By 
- Real-time operating systems (RTOS) run billions of devices and are potential targets for hackers because their cyber resilience has been almost impossible to test.
- CEO Jan Wendenburg: “Our new RTOS component analysis and cybersecurity check is a real benefit for every manufacturer in the embedded industry.
Checking firmware images of real-time operating systems (RTOS) for vulnerabilities and malware poses significant problems for conventional security procedures. The Duesseldorf-based cybersecurity company ONEKEY has now developed its Product Cybersecurity & Compliance Platform (OCP) to automate this testing process to a large extent.
RELATED: CosmicStrand: Sophisticated firmware rootkit allows durable persistence
“From Firmware to Compliance in One Place” is how the company describes its approach to solving a problem that is becoming increasingly urgent in light of stricter cybersecurity legislation, including for embedded systems, and the sharp rise in cyber-attacks.
Real-time operating systems are used in almost every category of device. These include smart home devices such as smart thermostats, smart locks or lighting systems; sensors and actuators, for example in wireless sensor networks to efficiently collect and process data; control units in vehicles for engine, air conditioning or infotainment systems; medical devices such as ECG monitors or infusion pumps; industrial controllers in manufacturing plants or automation systems; networking devices such as routers and switches; and a wide range of consumer electronics, from drone control to electronic toys.
Devices running RTOS software worldwide is in billions
The number of devices running RTOS software worldwide is in the billions.
“All of these devices are potential targets for hackers. However, their cybersecurity has rarely been tested because it has been difficult to do so. We have now changed that”, said Jan Wendenburg, CEO of ONEKEY, explaining the importance of the new platform feature.
The new security check for real-time operating systems consists of several steps. First, the components of the RTOS firmware are identified. Then the versions and any known and possible unknown vulnerabilities are identified. This works even for monolithic binaries such as FreeRTOS. The next step is to assess the vulnerabilities to identify and eliminate relevant risks in the RTOS.
The optional automatic compliance check can identify vulnerabilities in seconds, including for cybersecurity standards such as IEC62443-4-2, EU Cyber Resilience Act and many others. This greatly simplifies audit preparation.
Background
The analysis of real-time operating system (RTOS) firmware images has been severely limited in the past, because they differ significantly from traditional Linux-based firmware. Unlike the latter, which typically consists of separate kernel, library and application logic components, RTOS firmware images are typically single, statically linked binary files.
This means that the entire operating system, along with all libraries and application code, is compiled into a single binary file, making it difficult to extract and analyse individual components.
This lack of granularity in RTOS firmware analysis presents several critical challenges:
- Limited analysis capabilities: Previous analysis tools have struggled to identify and extract components due to the monolithic nature of RTOS firmware images. As a result, it has not been possible to gain comprehensive insight into the software stack, open source libraries and potential vulnerabilities of these critical embedded systems.
2) Security and compliance risks: Without accurate identification of components and associated vulnerabilities, there is a lack of clarity about potential security risks and compliance issues in the RTOS firmware. This poses a significant risk to the security, reliability and regulatory compliance of embedded systems.
Demand for RTOS analysis support growing rapidly
At ONEKEY, the demand for RTOS analysis support has been growing rapidly for some time. This is partly due to the fact that FreeRTOS, one of the most popular open source RTOS variants, is used in a large number of embedded systems. About 40 microcontroller architectures support FreeRTOS, which has been developed over a period of 15 years. According to statistics, it is downloaded every 170 seconds, so it has a very wide global distribution.
“The automated testing of FreeRTOS firmware for vulnerabilities and security holes is a milestone for us and the entire embedded industry,” said Jan Wendenburg. Looking to the future, he said: “We have laid the foundation for future expansion to other RTOS variants. We have achieved our goal of creating a flexible and robust framework that meets the evolving needs of RTOS users in different industries.” In addition to expanding to other RTOS flavours, ONEKEY is also researching advanced analysis techniques to identify zero-day vulnerabilities in real-time operating systems, which the current version cannot yet do.
