Multiple Vulnerabilities Found in FreeRTOS

Millions of IoT and embedded devices could be vulnerable.

zLabs researcher Ori Karliner has found [1] multiple critical vulnerabilities in the open source real-time embedded operating system FreeRTOS.

“During our research, we discovered multiple vulnerabilities within FreeRTOS’s TCP/IP stack and in the AWS secure connectivity modules. The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS,” wrote Karliner in a blog post.

Karliner said that these vulnerabilities allow an attacker to crash the device, leak information from the device’s memory, and remotely execute code on it.

FreeRTOS is a popular option for IoT and embedded devices. It has been ported to over 40 pieces of hardware. The vulnerabilities affect FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, WHIS OpenRTOS, and SafeRTOS (with WHIS Connect middleware TCP/IP components).

zLabs informed AWS about the flaws and worked with AWS to patch these vulnerabilities. AWS has already deployed patches for AWS FreeRTOS versions 1.3.2 and onwards.

Source: [1] https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/

10/22/2018
