FreeRTOS Has 13 Major Security Flaws
Research performed by Zimperium’s zLabs team uncovered 13 vulnerabilities that could be manipulated to leak information, crash devices, and even take control with remote code execution.
“During our research, we discovered multiple vulnerabilities within FreeRTOS’s TCP/IP stack and in the AWS secure connectivity modules. The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS,” shared zLabs in their report.
FreeRTOS and SafeRTOS “have been used in a wide variety of industries: IoT, Aerospace, Medical, Automotive, and more,” according to the company’s post.
“Due to the high risk nature of devices in some of these industries, zLabs decided to take a look at the connectivity components that are paired with these OS’s. Clearly, devices that have connectivity to the outside world are at a higher degree of risk of being attacked.”
These OS, being under the Amazon Web Services umbrella, are some of the most widely used IoT OS.
Organizations should check their environments immediately for any vulnerable devices. It’s no longer enough to detect Windows, Mac, and Linux devices. The IoT presents a whole arena of risks. Vulnerabilities can lurk unnoticed until it’s too late.