Amazon Fixes Security Flaws Allowing Smart Home Hijacks

posted by martyb on Friday October 26, @11:08PM
from the everyone-will-apply-the-fixes,-right? dept.
upstart writes in with a submission via IRC for Fnord666:

Amazon fixes security flaws allowing smart home hijacks

Some smart home device owners may have dodged a bullet. Amazon recently patched 13 security flaws in an operating system for the Internet of Things, FreeRTOS, as well as Amazon Web Services connection modules. The holes let intruders crash devices, leak the contents of their memory and remotely run code, effectively giving attackers full control. The flaws might have been far-reaching if they'd gone unfixed -- both FreeRTOS and its safety-oriented counterpart SafeRTOS are used in a wide range of devices inside and outside the home, including cars, aircraft and medical gear.

From the Zimperium Labs blog linked above:

As a part of our ongoing IoT platform research, zLabs recently analyzed some of the leading operating systems in the IoT market, including FreeRTOS. FreeRTOS is a market leader in the IoT and embedded platforms market, being ported to over 40 hardware platforms over the last 14 years. In November 2017, Amazon Web Services (AWS) took stewardship for the FreeRTOS kernel and its components.

AWS FreeRTOS aims to provide a fully enabled IoT platform for microcontrollers, by bundling the FreeRTOS kernel together with the FreeRTOS TCP/IP stack, modules for secure connectivity, over the air updates, code signing, AWS cloud support, and more.

[...] There is also a commercial version of FreeRTOS, named OpenRTOS and maintained by WITTENSTEIN high integrity systems (WHIS). WHIS also offers a safety-oriented RTOS named SafeRTOS, that is based on the functional model of FreeRTOS, and is certified for use in safety critical systems.

[...] During our research, we discovered multiple vulnerabilities within FreeRTOS's TCP/IP stack and in the AWS secure connectivity modules. The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS.

[...] The patches were deployed for AWS FreeRTOS versions 1.3.2 and onwards. We also received confirmation from WHIS that they were exposed to the same vulnerabilities, and those were patched together with Amazon.

Since this is an open source project, we will wait for 30 days before publishing technical details about our findings, to allow smaller vendors to patch the vulnerabilities.

The blog entry listed the Common Vulnerabilities and Exposures (CVE) IDs for the vulnerabilities. Here they are, but reformatted as links for easier access:

CVE-2018-16522: Remote code execution
CVE-2018-16525: Remote code execution
CVE-2018-16526: Remote code execution
CVE-2018-16528: Remote code execution
CVE-2018-16523: Denial of service
CVE-2018-16524: Information leak
CVE-2018-16527: Information leak
CVE-2018-16599: Information leak
CVE-2018-16600: Information leak
CVE-2018-16601: Information leak
CVE-2018-16602: Information leak
CVE-2018-16603: Information leak
CVE-2018-16598: Other

