Security Group Discovers Multiple Flaws in AWS FreeRTOS

A group of researchers has discovered several TCP/IP flaws within the Amazon Web Services (AWS) version of the FreeRTOS operating platform for Internet of Things (IoT). Zimperium, a mobile security company based in Dallas, Texas, has reported on “multiple flaws” in the FreeRTOS TCP/IP platform that could allow an attacker to crash the device, leak information from its memory, and remotely execute code on the device, thereby compromising it completely.

The company credited its findings in part to zLabs, its internal research arm. Researchers at zLabs discovered the vulnerabilities during an ongoing study of leading IoT platforms such as FreeRTOS, which “supports more than 35 architectures.”

FreeRTOS is an open-source platform for microcontrollers that are used in IoT systems. AWS assumed stewardship over FreeRTOS last spring, expanding on the original kernel to integrate with AWS cloud services such as AWS IoT Core or AWS Greengrass. According to AWS’ info page, AWS’ FreeRTOS version aims to simplify device management for developers in IoT. Microcontrollers often run operating systems that do not allow them to connect to the cloud or local networks. This makes IoT applications difficult. Amazon FreeRTOS solves this problem by providing both the core OS (to run the edge device) and software libraries that make it simple to securely connect to the cloud (or other edge devices), so you can collect data for IoT applications.

Two other versions of FreeRTOS were also affected by Zimperium’s discoveries, both created by Wittenstein High Integrity Systems (WHIS): OpenRTOS and SafeRTOS.

Researchers discovered 13 vulnerabilities, ranging from remote code execution to data leaks and denial-of-service attacks. These vulnerabilities are listed below:

  • Remote code executions: CVE-2018-16522, CVE-2018-16525, CVE-2018-16526, CVE-2018-16528
  • Denial-of-service: CVE-2018-16523
  • Data leaks: CVE-2018-16524, CVE-2018-16527, CVE-2018-16599, CVE-2018-16600, CVE-2018-16601, CVE-2018-16602, CVE-2018-16603
  • “Other”: CVE-2018-16598

Ori Karliner, a Zimperium researcher, stated that the vulnerabilities were found in “FreeRTOS’s TCP/IP stack” and in the AWS secure communication modules. The same vulnerabilities are found in the WHIS Connect TCP/IP component for OpenRTOS/SafeRTOS.

Zimperium pointed out that these operating systems are used in IoT devices across many industries, including aerospace and health care. This makes these vulnerabilities particularly dangerous if they are exploited. Karliner stated that Zimperium has been working closely with WHIS and AWS to patch the affected FreeRTOS versions.