Disrupting factories, missile bases and warships - Exploration into DDS protocol implementations
We discovered and disclosed vulnerabilities in most of the OMG Data Distribution Service (DDS) implementations. We fuzzed and reviewed six of said implementations, found multiple vulnerabilities within them, and also found loopholes in the DDS specification.
We focused on fuzzing network-layer parsers of implementations, and will introduce how we picked targets to test against with, how to overcome difficulties while fuzzing binaries, and how to commence such tests.
In this research, we will take you from knowing nothing about DDS to efficiently researching new vulnerabilities, which we encourage other researchers, users and implementers to do. Also, we’ll be disclosing actual vulnerability details for the first time ever, and insights on exposed endpoints in the Internet.