21 OCT

Amazon fixes security flaws allowing smart home hijacks

Some smart home device owners may have dodged a bullet. Amazon recently patched 13 security flaws in an operating system for the Internet of Things, FreeRTOS, as well as Amazon Web Services connection modules. The holes let intruders crash devices, leak the contents of their memory and remotely run code, effectively giving attackers full control. The flaws might have been far-reaching if they’d gone unfixed — both FreeRTOS and its safety-oriented counterpart SafeRTOS are used in a wide range of devices inside and outside the home, including cars, aircraft and medical gear.

Zimperium, which found the flaws, is waiting until 30 days after the disclosure to provide the technical details required by FreeRTOS’ open source license. This should give smaller outfits an opportunity to fix the flaws, Zimperium said.

These kinds of flaw disclosures are far from unusual, but they’re relatively new here. Amazon Web Services took the reins for FreeRTOS’ core just under a year ago in November 2017. This was a test of sorts for Amazon’s ability to respond to these issues, and so far it appears to have passed.

Via: Threatpost

Source: Zimperium

Post Author: martin

Martin is an enthusiastic programmer, a webdeveloper and a young entrepreneur. He is intereted into computers for a long time. In the age of 10 he has programmed his first website and since then he has been working on web technologies until now. He is the Founder and Editor-in-Chief of BriefNews.eu and PCHealthBoost.info Online Magazines. His colleagues appreciate him as a passionate workhorse, a fan of new technologies, an eternal optimist and a dreamer, but especially the soul of the team for whom he can do anything in the world.

Related Posts '

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.