Skip to main content

Amazon patches potentially major home IoT security flaws

(Image credit: Photo Credit: bergserg/ Shutterstock)

Amazon might have averted a potential catastrophe by patching a couple of serious flaws in some of its IoT devices. Reports have claimed that a total of 13 security flaws in FreeRTOS, Amazon’s operating system for its IoT devices, and Amazon Web Services connection modules have been patched.

The flaws allowed hackers full control over a targeted device. They would be able to crash them, pull data out of memory and remotely run code.

According to Engadget (opens in new tab), the fix means Amazon “dodged a bullet” – FreeORTS and its safety-oriented counterparts SafeRTOS are used in devices like cars, aircraft and even medical gear. The potential for disaster was quite high.

We’ll have to wait for a month before we learn any details on the flaw. Security company Zimperium discovered the flaws, but it’s waiting 30 days, as per FreeRTOS’ open source license. Zimperium said this will also give smaller companies time to patch up before it’s too late.

“The patches were deployed for AWS FreeRTOS versions 1.3.2 and onwards,” Zimperium said in a blog post (opens in new tab). “The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS,” the company added.

“We also received confirmation from WHIS that they were exposed to the same vulnerabilities, and those were patched together with Amazon.”

Photo Credit: bergserg/ Shutterstock

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.