Recently, Amazon fixed 13 security flaws found in an operating system used for FreeRTOS, Amazon Web Services (AWS), and connected devices. The flaws allowed intruders to crash devices, leak their memories, and run code remotely. As FreeRTOS is used in devices like cars, aircrafts, and medical devices, it is particularly important that Amazon improve its cybersecurity. Devices connected to the outside world are likely to be the victims of cyber attacks.
Zimperium, a mobile security company, initially found the flaws and disclosed them to Amazon. As of this posting, technical details of the flaws are not available, although they must be revealed within 30 days according to FreeRTOS’ open source license. Once the details are released, smaller outlets can begin to update their security, according to Zimperium. Now, Zimperium is working with Amazon to fix the flaws that they found. They’re also offering help to consumers who think their products might be vulnerable to cyber attacks.
Zimperium’s investigation is part of a ongoing project to research Internet of Things (IoT) devices. FreeRTOS, a market leader in the IoT market, has been used by over 40 hardware platforms in the last 14 years alone, says Zimperium. AWS oversees FreeRTOS and its components, hoping to provide cybersecurity so web developers can focus on their product.
Amazon is no stranger to security issues on connected devices. Last April, a security testing company called Checkmarx developed a skill which would allow the Amazon Echo to secretly record and transcribe what the user is saying. After disclosing this skill to Amazon, they “have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do,” according to a spokesperson for Amazon.
Amazon isn’t the only tech company experiencing cybersecurity malfunctions. Many connected devices are vulnerable to hacker attacks. Last April, researchers at F-Secure revealed a security flaw which would allow hackers to gain access to any hotel room secured with an electronic keycard. Despite the fact that no hacker had ever discovered this flaw, Assa Abloy, the largest lock manufacturer in the world, performed software updates to fix the issue.
As technology improves exponentially for products made for the IoT, the fight for cybersecurity must stay one step ahead of the hackers, preventing them from attacking these connected devices.