Contiki-NG IoT Operating System Vulnerable to Out-of-Bounds Write Attack

CVE: CVE-2023-23609
CVSS v3.1: 8.2
Source: CVE-2023-23609

Contiki-NG is an open-source operating system used in many Internet of Things (IoT) devices. Unfortunately, versions prior to 4.9 of Contiki-NG are vulnerable to an out-of-bounds write issue in its Bluetooth Low Energy (BLE) module.

The BLE module is responsible for breaking down large data packets into smaller fragments when transmitting over Bluetooth. It then reassembles these fragments on the receiving end. However, there was no check to ensure the buffer used to reassemble the packets was large enough. A malicious actor could craft a packet that causes up to 1152 bytes of data to be written outside the intended buffer boundaries.
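The missing check described above, shown as an added C example; it is not Contiki-NG's code or the actual patch. The names, the 128-byte buffer and the sample lengths are hypothetical, chosen only to show a reassembler that validates the announced length and every fragment against the buffer it owns.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical names and sizes for illustration; not Contiki-NG's own. */
#define REASM_BUF_SIZE 128u

enum reasm_result { REASM_MORE, REASM_DONE, REASM_DROP };

struct reasm {
  uint8_t buf[REASM_BUF_SIZE];
  size_t expected;  /* total length announced by the first fragment */
  size_t received;  /* bytes copied so far; always <= expected */
};

/* Copy one fragment, refusing anything that would pass the announced end.
   expected <= sizeof(buf) and received <= expected, so the subtraction cannot wrap. */
static enum reasm_result reasm_append(struct reasm *r, const uint8_t *frag, size_t len)
{
  if(len > r->expected - r->received) {
    r->expected = r->received = 0;  /* abandon the packet */
    return REASM_DROP;
  }
  memcpy(r->buf + r->received, frag, len);
  r->received += len;
  return r->received == r->expected ? REASM_DONE : REASM_MORE;
}

/* First fragment: the announced total length comes from the peer, so bound it. */
enum reasm_result reasm_first(struct reasm *r, size_t announced, const uint8_t *frag, size_t len)
{
  r->expected = r->received = 0;
  if(announced == 0 || announced > sizeof(r->buf)) return REASM_DROP;
  r->expected = announced;
  return reasm_append(r, frag, len);
}

/* Later fragments are only accepted while a packet is in progress. */
enum reasm_result reasm_next(struct reasm *r, const uint8_t *frag, size_t len)
{
  if(r->expected == 0) return REASM_DROP;
  return reasm_append(r, frag, len);
}

int main(void)
{
  struct reasm r;
  uint8_t frag[64] = {0};  /* constructed sample fragment */
  return reasm_first(&r, 1280, frag, sizeof(frag)) == REASM_DROP ? 0 : 1;
}
```

Dropping the whole packet on the first bad fragment keeps the receiver from carrying partial, attacker-shaped state into the next reassembly.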

This type of vulnerability, known as a buffer overflow, allows an attacker to execute arbitrary code or reveal sensitive data like passwords. In the case of an IoT device, it could enable full remote takeover.

The developers have addressed the issue in newer versions, so users still running a version prior to 4.9 are advised to update their Contiki-NG installation immediately. It’s also recommended to review default passwords and network security settings after updating. Taking these steps will help protect IoT devices from potential out-of-bounds write attacks over Bluetooth.
