Chaos Communication Congress

Taking a scalpel to QNX (34x78)

: 28, 2017

Speakers: Jos Wetzels, Ali Abbasi Analyzing & Breaking Exploit Mitigations and Secure Random Number Generators on QNX 6.6 and 7.0 In this talk we will present a deep-dive analysis of the anatomy of QNX: a proprietary, real-time operating system aimed at the embedded market used in many sensitive and critical systems, particularly within the automotive industry. We will present the first reverse-engineering and analysis of the exploit mitigations, secure random number generators and memory management internals of QNX versions up to and including 6.6 and the brand new 64-bit QNX 7.0 (released in March 2017) and uncover a variety of design issues and vulnerabilities.