Critically Underrated: Studying the Data Distribution Service (DDS) Protocol

By Federico Maggi, Rainer Vosseler (Trend Micro Research), Mars Cheng, Patrick Kuo, Chizuru Toyama, Ta-Lun Yen (TXOne Networks), Erik Boasson (ADLINK), and Victor Mayoral Vilches (Alias Robotics)

Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use.  DDS is integral in embedded systems that require real-time machine-to-machine communication, facilitating a reliable communication layer between sensors, controllers, and actuators.

This technology is situated at the beginning of the supply chain as a layer that connects, controls, and monitors applications, sensors, and actuators, aimed at maintaining interoperability and fault tolerance. It is used in various critical sectors such as healthcare, transportation, industrial internet of things (IIoT), robotics, aeronautics, and the military, among others. Given these factors, this makes the middleware technology an attractive target for attackers.

We analyzed this software and found multiple security vulnerabilities. This blog lists 13 identified security gaps that were assigned new CVE IDs found in the six most common DDS implementations, mostly concerning deployment. We also show a preview of the security gaps we found in the standard’s specification and a summary of our testing procedure. For details on the known vulnerabilities, attack scenarios, and research methodology, read our full paper “A Security Analysis of the Data Distribution Service (DDS) Protocol.” All the vulnerabilities found have been disclosed and patched or mitigated by their respective vendors.

New vulnerabilities

We studied six widely used DDS implementations, chosen based on executions’ number of users and customers in the critical sectors globally.  We also looked at each implementation’s real-time publish-subscribe (RTPS) packet, as DDS is dependent on its own lower layer standard protocol.

Notably, we also studied the Robot Operating System 2 (ROS 2) because it uses DDS as its default standard operating system (OS) middleware for all robotics and automation use cases. Given the service’s position as a security and operations building block, all vulnerabilities that affect DDS also affect the rest of the software stack, such as RTPS and all ROS 2 instances.

Read More HERE