Multiple TCP/IP Vulnerabilities in AWS FreeRTOS

Researchers from Dallas, Texas-based Zimperium this week sent out a warning regarding several TCP/IP vulnerabilities within the Amazon Web Services (AWS) version of the FreeRTOS operating system for Internet of Things (IoT) devices.

Zimperium's research arm, zLabs, discovered the vulnerabilities as part of an ongoing study of IoT platforms.

According to the zLabs researchers, "multiple vulnerabilities" in the FreeRTOS TCP/IP stack can "allow an attacker to crash the device, leak information from the device's memory, and remotely execute code on it, thus completely compromising it."

FreeRTOS is an open source platform for microcontrollers used in IoT systems.

AWS took stewardship of FreeRTOS last year, building on the original kernel to include integration with AWS cloud services, such as AWS IoT Core and AWS Greengrass.

AWS' version of FreeRTOS is designed to simplify device management for developers in the IoT space, according to its info page:

Microcontrollers frequently run operating systems which do not have built in functionality to connect to local networks or the cloud, making IoT applications a challenge. Amazon FreeRTOS helps solve this problem by providing both the core operating system (to run the edge device) as well as software libraries that make it easy to securely connect to the cloud (or other edge devices) so you can collect data from them for IoT applications and take action.

There are also two other versions of FreeRTOS affected by Zimperium's findings, both developed by Wittenstein High Integrity Systems (WHIS): OpenRTOS and SafeRTOS.

In total, the researchers found 13 vulnerabilities, ranging from remote code execution and denial of service to data leaks. They are as follows:

  • Remote code executions: CVE-2018-16522, CVE-2018-16525, CVE-2018-16526, CVE-2018-16528
  • Denial-of-service: CVE-2018-16523
  • Data leaks: CVE-2018-16524, CVE-2018-16527, CVE-2018-16599, CVE-2018-16600, CVE-2018-16601, CVE-2018-16602, CVE-2018-16603
  • "Other": CVE-2018-16598

The vulnerabilities were located in "FreeRTOS's TCP/IP stack and in the AWS secure connectivity modules," Zimperium researcher Ori Karliner said in a blog post. "The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS."

Zimperium noted that the IoT devices that use these operating systems are prevalent in many industries -- including health care, aerospace and automotive -- that are considered "high risk," making these vulnerabilities especially damaging if exploited.

Karliner said Zimperium has been working with AWS and WHIS to disclose and patch the affected FreeRTOS versions.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.