Researchers at Zimperium’s zLabs team have found that one of the most popular Internet of Things real-time operating systems, FreeRTOS, is affected by serious vulnerabilities.
The researcher Ori Karliner and his team analyzed some of the most popular operating systems in the IoT market, including FreeRTOS. FreeRTOS is an open-source operating system that runs on most of the small microprocessors and microcontrollers in IoT devices.
Karliner discovered 13 vulnerabilities in FreeRTOS that could be exploited by an attacker to conduct several malicious activities, including remote code execution, information leak and DoS attacks.
The OS supports more than 40 hardware architectures and is used in a broad range of products, including appliances, sensors, electricity meters, fitness trackers, industrial automation systems, cars, and any microcontroller-based devices.
The vulnerabilities reside in the implementation of the TCP/IP stack and affect a FreeRTOS branch maintained by Amazon and the OpenRTOS and SafeRTOS maintained by WITTENSTEIN high integrity systems (WHIS).
The flaws affect FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, and OpenRTOS and SafeRTOS (with WHIS Connect middleware TCP/IP components).
Amazon has been notified of the situation and the company responded by releasing patches to mitigate the problems.
“During our research, we discovered multiple vulnerabilities within FreeRTOS’s TCP/IP stack and in the AWS secure connectivity modules. The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS,” reads the analysis published by Zimperium.
“These vulnerabilities allow an attacker to crash the device, leak information from the device’s memory, and remotely execute code on it, thus completely compromising it.”
Zimperium will wait for 30 days before releasing technical details about its findings, to allow smaller vendors to patch the vulnerabilities.
Below is the full list of the vulnerabilities discovered by the experts.
| CVE | Impact |
|---|---|
| CVE-2018-16522 | Remote Code Execution |
| CVE-2018-16525 | Remote Code Execution |
| CVE-2018-16526 | Remote Code Execution |
| CVE-2018-16528 | Remote Code Execution |
| CVE-2018-16523 | Denial of Service |
(Security Affairs – IoT, hacking)