Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a critical security vulnerability in ThreadX, a popular embedded real-time operating system used in IoT devices, through this 16-minute conference presentation from USENIX Security '25. Examine how performance optimization practices in ThreadX create exploitable security weaknesses that allow attackers to bypass parameter sanitization processes. Learn about the novel Kernel Object Masquerading (KOM) Attack methodology, which demonstrates how malicious actors can manipulate kernel objects through carefully selected system calls to access sensitive data, escalate privileges, or compromise entire systems. Discover the research team's automated approach using under-constrained symbolic execution to identify these vulnerabilities and understand their broader implications for embedded system security. Compare security implementations across popular RTOSs including FreeRTOS, Zephyr OS, and ThreadX, revealing significant differences in their system call parameter sanitization approaches. Gain insights into the experimental validation of KOM attacks on ThreadX-powered platforms and understand why major vendors like Amazon and Microsoft have acknowledged these critical findings on their security advisory websites.
