Each day, thousands of systems make use of the Data Distribution Service (DDS) for real-time machine-to-machine communication. Although it is flexible and much research has been done into its integrity, we’ve found it to be so that many technicians who work with assets using DDS to accomplish mission-critical tasks have limited knowledge of the potential pitfalls it brings. For example, a quick search found over 600 public-facing DDS services in 34 countries. 202 of these were leaking private IP addresses or secret URLs – a sign of dangerously low data integrity that could be used to spark a cyber incident.
In this collaborative research, our researchers worked together with Trend Micro and Alias Robotics to identify vulnerabilities in the DDS protocol could potentially be exploited by attackers to impact critical infrastructure, including healthcare, energy, and defense. Readers will also find short- and long-term mitigation recommendations within.
This new report, “A Security Analysis of the Data Distribution Service (DDS) Protocol”, gives an overview of DDS as a critical software component in supply chains, identifying 13 new vulnerabilities from the 6 most commonly used implementations and 1 glaring gap in DDS’ security posture. This is in addition to other deployment issues in the DDS ecosystem that malicious actors could use for other illicit activities such as data theft and cyberespionage.
Download and read our full report to get the details of our research: A Security Analysis of the Data Distribution Service (DDS) Protocol
