• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Critical Flaws Found in Amazon FreeRTOS IoT Operating System

October 23, 2018 by Ruby(Qianru) Yang 3 Comments

Interesting news about a security researcher has discovered several critical vulnerabilities in Amazon FreeRTOS, a embedded real-time operating systems, and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers. RTOS has specifically been designed to carefully run applications with very precise timing and a high degree of reliability, every time.

The security researcher discovered a total of 13 vulnerabilities in FreeRTOS’s TCP/IP stack that also affect its variants maintained by Amazon and WHIS, as shown below:
freeRTOS. The vulnerabilities could allow attackers to crash the target device, leak information from its memory, and the most worrisome, remotely execute malicious code on it, thus taking complete control over the target device.

 

https://thehackernews.com/2018/10/amazon-freertos-iot-os.html

Filed Under: Week 08: Social Engineering, Encoding and Encryption Tagged With:

Reader Interactions

Comments

  1. Xinteng Chen says

    October 24, 2018 at 10:09 am

    Hi Ruby

    Thanks for sharing the information. FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems that has been ported to over 40 microcontrollers, which are being used in IoT, aerospace, medical, automotive industries, and more. Open source operation system is more dangerous than close source operation system. It is important for Amazon to protect the system by paying close attention.

    Log in to Reply
    • Ruby(Qianru) Yang says

      October 29, 2018 at 4:02 pm

      Yes Xinteng, especially after I found that the vulnerabilities could allow attackers to crash the target device, leak information from its memory, and the most worrisome, remotely execute malicious code on it, thus taking complete control over the target device.

      Log in to Reply
  2. Haitao Huang says

    October 24, 2018 at 5:52 pm

    Hi Ruby,

    The vulnerabilities have been patched by Amazon, and the company will wait for 30 days before disclosing technical details of the issue since this is an open source project, which allows smaller vendors to patch the vulnerabilities.

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in