Common Security Issues in Embedded Systems

Embedded systems are electronic products that contain microprocessors and software, and they are widely used in industrial production, medical electronics, automotive electronics, network communication, military aerospace, and other fields. An embedded system is generally built from relatively fixed components such as chips, flash memory, and firmware. These components fall into hardware and software, and because the software interacts directly with the hardware, it must meet higher requirements for security and reliability.
Over the past 20 years, zero-day vulnerabilities in embedded software have surfaced one after another, and most of them stem from relatively low-level mistakes. If potential security issues are caught by a series of testing methods and processes during software development or application verification, the security of the software improves greatly. This matters especially in embedded environments, where updates and new versions cannot be rolled out frequently. This article discusses common software security issues in embedded systems written in C/C++.
1. Buffer Overflow Vulnerability
Buffer overflow is a very common security issue in all kinds of software; it exists not only in embedded software but is also widespread in other application software and operating systems. Statistics on vulnerability types collected by the National Information Security Vulnerability Database (CNNVD) in June 2022 show that buffer-error vulnerabilities account for as much as 8.4%. The root cause of a buffer overflow is excessive trust in input: the boundaries of the dynamically sized space are not checked, so the program copies data longer than the destination and overwrites adjacent memory. The consequences are serious and include system crashes and command execution. In practice, an overflow can occur in any region where variables are stored, such as the heap, the stack, or .bss. An attacker can construct a payload of precomputed length to modify a function's return address, or replace it with the starting address of malicious code, to complete the attack.
2. Memory Leak
A memory leak is the waste of system memory that occurs when heap memory a program allocated dynamically is never released, whether through programmer error or for other reasons. There is no such thing as a harmless leak: however small it is, it degrades the program's performance and, within a finite time, consumes all available memory and crashes the system. Memory leaks are particularly important in embedded systems, whose memory resources are usually far smaller than those of other platforms, so a leak has serious consequences in a shorter time.
3. Null Pointer Dereference
A null pointer dereference, as the name suggests, is the use of a pointer that does not point to a valid address, usually because the pointer was never initialized or properly assigned, or because the memory it originally pointed to has been released. If the programmer does not check a pointer for NULL before using it, a null pointer dereference can result. In the C/C++ environment, even a pointer assigned from the malloc/new allocation functions gives no guarantee that the allocation succeeded unless the return value is checked. Null pointer dereferences are more serious than memory leaks because they can crash the system immediately.
4. Format String Vulnerability
Format string vulnerabilities mainly involve the printf family of C library functions, such as printf, sprintf, and fprintf. Format strings control how text is displayed; for example, %d outputs an integer and %p prints a pointer address. When the expected arguments are supplied before such a function is called, there is no security issue. However, if the format is not controlled and arbitrary user input is allowed into it, serious security problems follow. The attack leaks specific register and stack values, giving the attacker room to operate, and can result in leakage of system memory contents, control over the code execution logic, remote command execution (RCE), and other severe consequences.
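The checks that close three of the defects described above, as an added C example that is not from the original article: a bounds-checked copy for section 1, a checked allocation for section 3, and a fixed format string for section 4. The helper names copy_field, dup_checked and format_log_line are hypothetical, and the hostile input in main is constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Section 1: copying without checking the destination (strcpy on untrusted src).
 * Hypothetical helper: rejects input that does not fit, always NUL-terminates. */
int copy_field(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* the terminator must lie within dst_size bytes, otherwise src cannot fit */
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL) return -1;   /* reject instead of overflowing or truncating */
    size_t len = (size_t)(nul - src);
    memcpy(dst, src, len + 1);    /* len + 1 <= dst_size, NUL included */
    return (int)len;
}

/* Section 3: malloc() may return NULL; check before any use.
 * Hypothetical bounded strdup that propagates the failure to the caller. */
char *dup_checked(const char *src, size_t max_len)
{
    const char *nul = memchr(src, '\0', max_len);
    size_t len = nul ? (size_t)(nul - src) : max_len;
    char *p = malloc(len + 1);
    if (p == NULL) return NULL;   /* never dereference an unchecked allocation */
    memcpy(p, src, len);
    p[len] = '\0';
    return p;
}

/* Section 4: untrusted text as the format (printf(untrusted)). With a fixed literal
 * format the input is data only, so %x or %n in it is printed. -1 = truncated. */
int format_log_line(char *out, size_t out_size, const char *untrusted)
{
    int n = snprintf(out, out_size, "[log] %s", untrusted);
    return (n < 0 || (size_t)n >= out_size) ? -1 : n;
}

int main(void)
{
    char buf[8], line[32], *d = dup_checked("hello world", 5);
    printf("fits: %d, too long: %d\n", copy_field(buf, sizeof buf, "abc"),
           copy_field(buf, sizeof buf, "0123456789"));
    format_log_line(line, sizeof line, "%x%x%n");   /* constructed hostile input */
    puts(line);                                      /* [log] %x%x%n */
    if (d != NULL) { puts(d); free(d); }
    return 0;
}
```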
(Excerpt from “Confidential Science and Technology” February 2023 issue)