Many critical vulnerabilities have been discovered in one of the most popular embedded real-time operating systems called FreeRTOS and its other variants, revealing a wide range of IoT devices and critical infrastructure systems to attackers.
What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)?
FreeRTOS is an open source real-time operating system (RTOS) for embedded systems that has been ported to 35 microcontrollers, which are being used in IoT, aerospace, medical, automotive industries, and more.
RTOS is designed to carefully run applications with very precise timing and a high degree of reliability, every time.
An example of the real-time embedded system is a pacemaker which contracts heart muscle at the right time, a process that cannot be delayed in order to keep a person alive.
Since last year, FreeRTOS project is being managed by Amazon, who created Amazon FreeRTOS (a:FreeRTOS) IoT operating system for microcontrollers by upgrading FreeRTOS kernel and some of its components.
The functionalities of FreeRTOS have been upgraded by Amazon with the addition of new modules for secure connectivity, over the air updates, code signing, AWS cloud support, and more.
Besides Amazon, WITTENSTEIN high integrity systems (WHIS) also maintains two variants of FreeRTOS—a commercial version of FreeRTOS called WHIS OpenRTOS, and a safety-oriented RTOS called SafeRTOS, for use in safety-critical devices.
FreeRTOS Vulnerabilities and Security Patches
A security researcher at Zimperium Security Labs (zLabs), Ori Karliner have disclosed around 13 vulnerabilities in FreeRTOS’s TCP/IP stack and in the AWS secure connectivity modules. The same vulnerabilities are also present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTO.
These vulnerabilities permit the attackers to crash the target device, leak information from its memory, and remotely execute malicious code on it thereby getting total control over the target device.
The vulnerabilities affect FreeRTOS versions up to 10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS versions up to 1.3.1, and WHIS OpenRTOS and SafeRTOS (With WHIS Connect middleware TCP/IP components).
Zimperium have reported the vulnerabilities to Amazon to which they have installed security patches for AWS FreeRTOS versions 1.3.2 and onwards (latest v1.4.2). WHIS also confirmed that they have pacthed their vulnerabilities together with Amazon.
The technical details of the vulnerabilities have not been disclosed to the public so that the smaller vendors can patch the issues before attackers try to get hold of them.