Critical Flaws Found in Amazon FreeRTOS IoT Operating System

[diyaudio]

A security researcher at Zimperium Security Labs (zLabs), discovered a total of 13 vulnerabilities in FreeRTOS's TCP/IP stack that also affect its variants maintained by Amazon and WHIS.

https://thehackernews.com/2018/10/amazon-freertos-iot-os.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1856.ch0ao075h1.151u

[nomadd]

A security researcher at Zimperium Security Labs (zLabs), discovered a total of 13 vulnerabilities in FreeRTOS's TCP/IP stack that also affect its variants maintained by Amazon and WHIS.

https://thehackernews.com/2018/10/amazon-freertos-iot-os.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1856.ch0ao075h1.151u

..and already patched.

Whole-story always better, although less dramatic, than a half-story.

[Sal Ammoniac]

..and already patched.

That's good news, but I wonder how many unpatched, vulnerable devices are out there? Most people don't bother to update FW on the types of devices that typically use FreeRTOS.

[richardman]

That's good news, but I wonder how many unpatched, vulnerable devices are out there? Most people don't bother to update FW on the types of devices that typically use FreeRTOS.

Yup, this could be problems for years to come... especially after the researchers release the details.

This is a tough problem that will only get worse when there are more and more IoT devices out there.

[obiwanjacobi]

This is a tough problem that will only get worse when there are more and more IoT devices out there.

Most of which don't even run a well tested (RT)OS...

 

[westfw]

To be honest, I don't know how important these are in the sort of device that is likely to be running FreeRTOS.
"Remote code execution" would tend to need a either a highly standardized environment (execute system("/bin/sh -u root")) or a very specifically crafted attack for a particular device ("Increase centrifuge speed to 'self-destruct' by re-writing PWM register")
"Information leak" is likely to be the usual set of "we didn't clear the packet in between the end of the data we're sending and the end of a minimum-sized packet, so there might be "other" data there."  (clearing memory is a particularly annoying performance sink in limited systems :-( )  Yawn.

[diyaudio]

To be honest, I don't know how important these are in the sort of device that is likely to be running FreeRTOS.
"Remote code execution" would tend to need a either a highly standardized environment (execute system("/bin/sh -u root")) or a very specifically crafted attack for a particular device ("Increase centrifuge speed to 'self-destruct' by re-writing PWM register")
"Information leak" is likely to be the usual set of "we didn't clear the packet in between the end of the data we're sending and the end of a minimum-sized packet, so there might be "other" data there."  (clearing memory is a particularly annoying performance sink in limited systems :-( )  Yawn.

Until some does a 360 at BlackHat and proves otherwise.