Interesting news about a security researcher has discovered several critical vulnerabilities in Amazon FreeRTOS, a embedded real-time operating systems, and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers. RTOS has specifically been designed to carefully run applications with very precise timing and a high degree of reliability, every time.
The security researcher discovered a total of 13 vulnerabilities in FreeRTOS’s TCP/IP stack that also affect its variants maintained by Amazon and WHIS, as shown below:
freeRTOS. The vulnerabilities could allow attackers to crash the target device, leak information from its memory, and the most worrisome, remotely execute malicious code on it, thus taking complete control over the target device.
https://thehackernews.com/2018/10/amazon-freertos-iot-os.html
Xinteng Chen says
Hi Ruby
Thanks for sharing the information. FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems that has been ported to over 40 microcontrollers, which are being used in IoT, aerospace, medical, automotive industries, and more. Open source operation system is more dangerous than close source operation system. It is important for Amazon to protect the system by paying close attention.
Ruby(Qianru) Yang says
Yes Xinteng, especially after I found that the vulnerabilities could allow attackers to crash the target device, leak information from its memory, and the most worrisome, remotely execute malicious code on it, thus taking complete control over the target device.
Haitao Huang says
Hi Ruby,
The vulnerabilities have been patched by Amazon, and the company will wait for 30 days before disclosing technical details of the issue since this is an open source project, which allows smaller vendors to patch the vulnerabilities.