WHITE PAPER

Securing Linux Systems in the Internet of Things

Four Essential Steps for Ongoing Threat Mitigation

For all its promise, the interconnected world has a dark side, with critical vulnerabilities like Heartbleed and Shellshock reported more and more often. This white paper walks you through how Wind River® combats reported security exposures, highlights statistical trends from our monitoring data, and explains different aspects you should consider as you create your security strategy.

Learn:

  • How ongoing monitoring helps you do the work of thousands of engineers
  • How to keep all your codebase updated as an ongoing process
  • How to get hot fixes for reported vulnerabilities
  • How to stay protected against future attacks

SECURITY VULNERABILITY RESPONSE INFORMATION

CVE-2018-8897

Wind River® is committed to delivering secure, reliable products that keep your devices protected. As part of this commitment, our Security Response Team is constantly monitoring and assessing thousands of notifications from CERT-accepted authorities and agencies, Linux security communities such as oss-security, and our customers. Wind River prioritizes these notifications, responds, and proactively contacts customers for timely alerts, enabling them to secure their devices.

Impacted Products

A recently reported vulnerability, CVE-2018-8897, has been addressed by the Security Response Team. This software vulnerability potentially allows for Denial of Service attacks against operating system kernels and hypervisors.

CVE-2018-8897 is tracked under the following CVE entry:

We have determined that some Wind River products are impacted, including the following:

  • Wind River Linux
  • Wind River Pulsar Linux
  • Wind River Titanium Cloud (including Wind River Titanium Server)

Customers with questions about these vulnerabilities should contact Wind River Customer Support or their local Wind River representative for information regarding mitigation.

REMEDIATION

The following is a list of Wind River products impacted by the CVE-2018-8897 vulnerability. For versions of products not listed, please contact Wind River Customer Support or your Wind River sales representative.

| Product | Impacted | Versions | Remediation |
| --- | --- | --- | --- |
| VxWorks | No | All | |
| Wind River Linux | Yes | 5, 6, 7, 8, 9, LTS | Please see the Wind River security notice at http://knowledge.windriver.com/Content_LookUp?id=K-511663 |
| Wind River Pulsar Linux | Yes | 8 | More information coming |
| Wind River Titanium Cloud | Yes | 15, 16, 17 | More information coming |
| Wind River Titanium Server | Yes | 15, 16 | More information coming |
| Wind River Simics | No | All | |
 
** You need an account to access the Knowledge Library. If you don't have a valid Knowledge Library account, please contact local customer support.

We continue to monitor the situation on our security mailing lists in case there are new developments, and will post periodic updates via RSS feeds and the Wind River Support Network.

You Can’t Afford a Security Breach

This is just one of the more than 6,000 security vulnerabilities that our Security Response Team analyzes annually, and only one of the more than 1,000 annually for which we have produced a fix and rolled it out to all of our current customers.

Our support and maintenance practices and processes provide the most tangible proof of value when choosing Wind River products.
Learn more about Wind River Security practices at www.windriver.com/products/linux/security.

Customers are urged to keep their support and maintenance contracts current, and to install the latest available updates to their installed products. If you don’t know if your support and maintenance contract is current, make sure to contact your Wind River representative.

 
Wind River® is aware of and has analyzed the SSLv2 protocol vulnerabilities reported as CVE-2016-0702 (Side channel attack on modular exponentiation).

A side-channel attack was found which makes use of cache-bank conflicts on the Intel Sandy Bridge microarchitecture that could lead to the recovery of RSA keys. The ability to exploit this issue is limited as it relies on an attacker who has control of code in a thread running on the same hyper-threaded core as the victim thread which is performing decryptions.

 

Additional information: This issue has been rated as Low**

 

Further information can be found on the OpenSSL project site here: https://www.openssl.org/news/secadv/20160301.txt

 

** https://knowledge.windriver.com/en-us/020_Product_Support_Policies/010/000_Security_Vulnerability_Response_Policy

Remediation

Wind River has released hot patches for all affected Wind River Linux versions.

 

Wind River Customers

Telco Systems

“Wind River is more than just a supplier to us. Wind River is a partner, since a large part of our software solutions are based on Wind River Linux.”

 

—David Moses, Vice President of R&D, Telco Systems

Wind River Linux Helps Telco Systems Diversify Its Products and Grow Its Market

Telco Systems supplies telecommunications and advanced networking equipment to leading telecom and data communication providers worldwide, including Nokia, IBM, BT, Tata, Alcatel-Lucent, and many others. Its Ethernet access solutions enable its customers to introduce new services and capture additional revenue by supporting mixed services across a carrier Ethernet network. In response to customer demand for Linux-based operating systems, the company developed a proprietary OS called BiNOS for its own line of routers, switches, and demarcation devices. When the time came for an upgrade, Telco chose Wind River® Linux as the basis for its next-generation OS, BiNOX.

Solutions used by Telco Systems

Wind River Linux

The Flexibility to Adapt to Customer Demands

Powered by Wind River Linux, BiNOX is a carrier grade solution that allows real-time multitasking and enhanced user security. It also has online patch support and component-based development, which enable Telco clients to speed their products’ development cycle and improve time-to-market. The Wind River Linux–based BiNOS and BiNOX solutions have made Telco Systems products more scalable and easier to deploy, manage, control, and improve based on customer demands and needs. Moreover, using Wind River has enabled the company to expand its market by building and offering software as well as hardware, providing high-performance RTOS solutions to third-party original equipment manufacturers and telecom customers.

Shiron Satellite

“The Wind River team has shown us the difference between just developing products versus creating top-tier, industry-leading solutions.”

 

—Eyal Elhayany, Vice President of Research and Development, Shiron Satellite Communications Project

Shiron Satellite Delivers Better Broadband at a Lower Cost with Wind River

The world is amazingly well connected these days. And one of the companies doing the connecting is Israel’s Shiron Satellite Communications. Shiron’s InterSKY system brings high-quality, low-cost Internet access, interactive multimedia, and a wide range of Internet protocol (IP) broadband applications to even the most remote locations. Shiron originally developed InterSKY using a Windows®-based operating system running on a PC. When that operating system failed to provide the necessary results, the company decided to move to a real-time operating system (RTOS). After investigating several alternatives, VxWorks® emerged as the clear winner.

Solutions used by Shiron Satellite

VxWorks

Smaller Products, Faster Time-to-Market

Today, all of Shiron’s solutions are built on Wind River® Platform for Consumer Devices, VxWorks Edition. And Wind River Workbench, based on the Eclipse framework, has helped the development team standardize on a common toolset and achieve a faster time-to-market. With Wind River, Shiron gets real-time performance and can develop smaller, more stable products well suited to the growing broadband satellite market. Not only has Shiron been able to shrink the footprint and weight of its products in space, but also to shrink its budgets: the company says that VxWorks has helped lower its product costs by 50%.