Recently, Amazon patched multiple IoT vulnerabilities present in its operating system for smart devices. The vulnerabilities could have allowed hackers to take complete control of the device and execute remote commands. These security flaws affected numerous smart home products of Amazon as well as its AWS modules.
Critical Security Flaws Discovered In AWS FreeRTOS
Reportedly, researchers from a mobile security firm, Zimperium, discovered several security flaws in Amazon’s IoT operating system. The researchers allegedly assessed FreeRTOS while continuing their work over IoT platforms. Consequently, Amazon patched multiple IoT vulnerabilities as highlighted by Zimperium.
As reported by Zimperium in their blog post, they discovered numerous security bugs in the AWS FreeRTOS.
During our research, we discovered multiple vulnerabilities within FreeRTOS’s TCP/IP stack and in the AWS secure connectivity modules. The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS.
They found as much as 13 different vulnerabilities have different impacts, including remote code executions to data leaks.
These vulnerabilities allow an attacker to crash the device, leak information from the device’s memory, and remotely execute code on it, thus completely compromising it.
As they have further elaborated, 4 out of the 13 were RCE flaws, 7 vulnerabilities could result in information leaks, while 1 bug could lead to denial of service. For the remaining single bug, the researchers did not specifically state the impact.
Amazon Patched Multiple IoT Vulnerabilities As Reported
After discovering the bugs, the researchers duly informed Amazon of the problems. Moreover, they continued to collaborate with Amazon for producing patches for the flaws. Presently, they have not revealed any technical details regarding the bugs to give opportunity to the other vendors for patching.
Since this is an open source project, we will wait for 30 days before publishing technical details about our findings, to allow smaller vendors to patch the vulnerabilities.
Nonetheless, they confirmed that Amazon deployed patches for FreeRTOS version 1.3.2 and onwards. Besides, they also confirm patches for RTOS WHIS for these bugs.
IoT and smart devices always remain vulnerable to cyber attacks. The technology, despite being useful, remains loaded with lots of glitches and bugs that could facilitate hackers in their malicious activities. Therefore, the only way to prevent any damages is to have a proactive approach towards eliminating the flaws. Recently, Sony also patched critical security vulnerabilities in its smart TV Bravia.
Let us know your thoughts in the comments below.