Critical Flaws Found in Amazon FreeRTOS IoT Operating System

October 22, 2018 Published in: News Author: Vedran Bozicevic

A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers.

FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems that has been ported to over 40 microcontrollers, which are being used in IoT, aerospace, medical, automotive industries, and more.

RTOS has specifically been designed to carefully run applications with very precise timing and a high degree of reliability, every time.

Since late last year, FreeRTOS project is being managed by Amazon, who created Amazon FreeRTOS (a:FreeRTOS) IoT operating system for microcontrollers by upgrading FreeRTOS kernel and some of its components.

Ori Karliner, a security researcher at Zimperium Security Labs (zLabs), discovered a total of 13 vulnerabilities in FreeRTOS’s TCP/IP stack that also affect its variants maintained by Amazon and WHIS.

The vulnerabilities could allow attackers to crash the target device, leak information from its memory, and the most worrisome, remotely execute malicious code on it, thus taking complete control over the target device.

Image Source

Read more: The Hacker News

Vedran Bozicevic

I am a digital marketer with several years of experience with various types of online marketing technologies and channels. Before joining GlobalDots, my experience included working as a content marketing manager for a software development company, and several others marketing positions where I worked on digital marketing strategies and channels.

Our Story

 

GlobalDots helps companies to evaluate, purchase, and integrate cloud services by acting as a neutral consultancy layer between vendors and customers with a keen focus on optimizing performance, workflows, and costs.

We're in the unique position to orchestrate full-stack, multi-vendor architectures such as multi-CDN, CDN+WAF+AWS, CDN+Mobile App optimization, dual-DNS, and other interesting setups.

Increase speed, availability and reliability of your website by learning from the experts in our FREE email course.

Learn everything you need to know about Bad Bot threats by downloading your FREE copy of Bad Bot Report 2018.

Find out the most important tips&tricks before selecting your next CDN provider in this FREE guide.

Find out all the specifics about web threats by downloading our FREE Field Guide to Modern Web Security.