AWS FreeRTOS vulnerabilities could crash IoT devices, warn cyber security researchers
Flaws in IoT operating system could allow hackers to compromise devices and leak data
Security researchers have discovered vulnerabilities in a popular operating system aimed at IoT devices that could enable attackers to crash connected devices in critical infrastructure systems and smart homes.
Researchers at IT security firm Zimperium discovered there are around 13 flaws in the FreeRTOS operating system that could let hackers crash devices, leak data or remotely execute code on them, allowing the devices to be compromised.
The flaws impact FreeRTOS V10.0.1 and below (with FreeRTOS+TCP), and AWS FreeRTOS V1.3.1 and below.
FreeRTOS has been ported to over 40 hardware platforms over the last 14 years, according to Zimperium researcher Ori Karliner. In November 2017, Amazon Web Services (AWS) took stewardship for the FreeRTOS kernel and its components.
He said that AWS FreeRTOS aims to provide a fully-enabled IoT platform for microcontrollers, by bundling the FreeRTOS kernel together with the FreeRTOS TCP/IP stack, modules for secure connectivity, over the air updates, code signing, AWS cloud support, and more.
“During our research, we discovered multiple vulnerabilities within FreeRTOS’s TCP/IP stack and in the AWS secure connectivity modules. The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS,” explained Karliner.
“These vulnerabilities allow an attacker to crash the device, leak information from the device’s memory, and remotely execute code on it, thus completely compromising it.”
Karliner said the bugs were disclosed to Amazon who collaborated with them to create patches for the bugs. These patches were deployed for AWS FreeRTOS versions 1.3.2 and onwards.
- M&E Project Manager
- £35,000 - £65,000 + Bonus + Benefits
M&E Project Manager with a Data centre / Construction / Mission Crticial background is needed in London area to join a leading Data Centre business. The M&E Project Manager MUST have experience working in data centre or mission critical project environments for a minimum of 2 years The M&E Project Manager will be responsible for planning, controlling and coordinating the delivery of various construction and business as usual projects. Ensuring work keeps to deadlines and within cost parameters. You will be responsible for overseeing projects worth over £5 million from start to finish, managing suppliers and contractors. This is an excellent opportunity for someone looking to build a career working for an internationally recoginised brand who truely belive in staff development and progression. Reference Number: PG7448
- Marketing Specialist
- £35k - £37k + Bonus + Excellent Benefits
My client, a leading name in the IT industry, are seeking a Marketing Specialist to join their team. This is an excellent role for someone looking to develop themselves in a diverse role with resposnbilites and authority with the real chance to make change and have an effect on a global business. Required Experience: 5+ Years in Marketing + Public Relations Experience organising and running campaigns and events. Content Creation - Social Media, Website and Blogs Email Campaigns A degree in Marketing, Business admin or related subject Marketing qualification, ideally CIM. IT / Telecoms Background prefered but not essential. Reference: PG7447
- ServiceNow Administrator (Contract)
- £350 Per Day
We are currently working on behalf of a London based service provider who are on the look out for a ServiceNow Administrator for a 6 month initial contract The ServiceNow Administrator will be responsible for supporting, configuring, scripting & integrating the ServiceNow ITSM (IT Service Management) tool. Requirements Current ServiceNow ITSM (IT Service Management) experience is a MUST Current experience within an IT service provider A Certified ServiceNow System Administrator certification isn’t a must be extremely beneficial Day Rate: £350 Per Day Reference Number: BD7439a
- Cyber Security Sales
- £120,000 – £140,000 OTE
£120k - £140k OTE Sales Account Management / New Business in the London / Reading area. This opportunity comes with existing accounts with internal sales support. MUST have the ability to develop New business as well as help existing accounts. Experience selling Solution and Managed service experience preferred e.g. Check Point, Palo Alto, F5, etc. Must be UK based and ideally able to achieve SC clearance DCL Search & Selection Exclusive and looking to hire ASAP. Contact me for more info 07884666351 / chris.holt@DCLSearch.com Reference Number: CH7444