A Deep Dive Into GarminOS And Its MonkeyC Virtual Machine

Dive into a comprehensive exploration of GarminOS and its MonkeyC virtual machine in this 48-minute conference talk from the Hack In The Box Security Conference. Discover the inner workings of Garmin's proprietary real-time operating system and custom language, which power their popular smartwatches and fitness devices. Follow the speaker's journey in reverse engineering the Garmin Forerunner 245 Music's firmware, uncovering critical vulnerabilities affecting over 100 Garmin devices. Learn about the CIQ application file format, virtual machine internals, binary resource management, and permissions implementation. Gain insights into the discovery and exploitation of low-level vulnerabilities, including design issues, memory corruption, and type confusion. Understand the impact of these findings on Garmin's product line and the coordinated disclosure process that led to security fixes. Explore specific examples of vulnerabilities with proof-of-concept applications, providing a deep technical understanding of the security challenges in smart fitness devices.