Amazon might have averted a potential catastrophe by patching a couple of serious flaws in some of its IoT devices. Reports have claimed that a total of 13 security flaws in FreeRTOS, Amazon’s operating system for its IoT devices, and Amazon Web Services connection modules have been patched.
The flaws allowed hackers full control over a targeted device. They would be able to crash it, pull data out of memory and remotely run code.
According to Engadget, the fix means Amazon “dodged a bullet” – FreeRTOS and its safety-oriented counterpart SafeRTOS are used in devices like cars, aircraft and even medical gear. The potential for disaster was quite high.
We’ll have to wait for a month before we learn any details on the flaws. Security company Zimperium discovered the flaws, but it’s waiting 30 days, as per FreeRTOS’ open source license. Zimperium said this will also give smaller companies time to patch up before it’s too late.
“The patches were deployed for AWS FreeRTOS versions 1.3.2 and onwards,” Zimperium said in a blog post. “The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS,” the company added.
“We also received confirmation from WHIS that they were exposed to the same vulnerabilities, and those were patched together with Amazon.”