AWS FreeRTOS vulnerabilities could crash IoT devices, warn cyber security researchers
Flaws in IoT operating system could allow hackers to compromise devices and leak data
Security researchers have discovered vulnerabilities in a popular operating system aimed at IoT devices that could enable attackers to crash connected devices in critical infrastructure systems and smart homes.
Researchers at IT security firm Zimperium discovered there are around 13 flaws in the FreeRTOS operating system that could let hackers crash devices, leak data or remotely execute code on them, allowing the devices to be compromised.
The flaws impact FreeRTOS V10.0.1 and below (with FreeRTOS+TCP), and AWS FreeRTOS V1.3.1 and below.
FreeRTOS has been ported to over 40 hardware platforms over the last 14 years, according to Zimperium researcher Ori Karliner. In November 2017, Amazon Web Services (AWS) took stewardship for the FreeRTOS kernel and its components.
He said that AWS FreeRTOS aims to provide a fully-enabled IoT platform for microcontrollers, by bundling the FreeRTOS kernel together with the FreeRTOS TCP/IP stack, modules for secure connectivity, over the air updates, code signing, AWS cloud support, and more.
“During our research, we discovered multiple vulnerabilities within FreeRTOS’s TCP/IP stack and in the AWS secure connectivity modules. The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS,” explained Karliner.
“These vulnerabilities allow an attacker to crash the device, leak information from the device’s memory, and remotely execute code on it, thus completely compromising it.”
Karliner said the bugs were disclosed to Amazon who collaborated with them to create patches for the bugs. These patches were deployed for AWS FreeRTOS versions 1.3.2 and onwards.
Source itpro
Industry: Cyber Security News
Latest Jobs
-
- Infrastructure (Network / Security) Engineer | West London commutable | Permanent
- London
- Apply today
-
Infrastructure (Network / Security) Engineer | West London commutable | Permanent This is an in house opportunity. Looking for someone that has on prem / data center experience MUST be a currently hands on config, Install, upgrade, troubleshooting experience Routing, Switching, Network Security (firewall, IDS etc), Microsoft Active Directory / 365. VMWare Scripting / automation experience wanted. Python, Powershell etc Must be commutable to West London twice a week. Visa sponsorship not available. Apply today for more information Book a call via this link https://calendly.com/d/crqf-t28-7tb
-
- Identity & Access Management Architect
- Edinburgh
- Upto £95000 plus bonus and benefits
-
Location: Edinburgh | Hybrid Working | Permanent Are you an experienced Identity & Access Management professional with a passion for designing and implementing cutting-edge security solutions? We are looking for a Lead Architect, where you’ll play a key role in helping clients enhance their IAM capabilities, protect critical data, and navigate complex security challenges. About the Role As a Lead Architect, you will be responsible for shaping and delivering IAM strategies, designing robust security solutions, and driving long-term digital transformation. You’ll leverage your expertise to provide strategic guidance on areas such as: Identity Governance & Administration (IGA) Privileged Access Management (PAM) Access Management (AM) Entitlement Management Directories & Authentication Solutions You will have the opportunity to work with innovative technologies and frameworks, ensuring that businesses can securely manage access to critical assets while enabling growth. What You’ll Be Doing Providing subject matter expertise in IAM and leading transformation projects for clients Developing IAM roadmaps, operating models, and governance frameworks Driving innovation by integrating IAM capabilities into wider digital transformation strategies Building and maintaining strong relationships with clients and stakeholders Designing and implementing scalable IAM solutions to meet business needs What We’re Looking For Proven experience in IAM strategy, solution architecture, or assurance Strong leadership skills with experience guiding technical teams Ability to work in a client-facing role, delivering clear communication and insights A technology-focused, innovative mindset with strong business acumen Willingness to work from our Edinburgh office 2-3 days per week