Assessing the Resistance of Internet of Things Applications Against Memory Corruption Attacks: A Case Study for Contiki and Tizen

The Internet of Things helps objects to interact with each other and function more efficiently. However, one of the major challenges in this technology is security. Research on the security of the Internet of Things mostly revolves around network security, but IoT software security has not garnered adequate attention. Due to the need for high-speed applications and the real-time structure of operating systems in the Internet of Things, their applications are often coded in languages such as C and C++ and may be vulnerable to memory corruption attacks. In this article, we study the resistance of the applications running in two well-known operating systems in IoT, namely Contiki and Tizen, against memory corruption attacks and show how memory corruption vulnerabilities arise in these applications. We demonstrate the possibility of exploiting these vulnerabilities in Contiki and Tizen and the weakness or loss of memory protection mechanisms in these operating systems. By this analysis, we hope to notify the developers of Tizen and Contiki applications of the feasibility of exploiting memory corruption vulnerabilities in these operating systems and the importance of avoiding these vulnerabilities in their codes by paying enough attention to the secure coding principles.