Amazon has reportedly patched some of the IoT vulnerabilities that had crept up in the OS kernel of its smart devices. The researchers at Zimperium identified the vulnerabilities and collaborated with the tech giant on producing the patches to mend the problem.
Zimperium, a private mobile security company, discovered Amazon’s IoT vulnerabilities when it was conducting its study on IoT platforms in the market at the zLabs. The security company noticed flaws in the AWS FreeRTOS platform which is a fully enabled IoT platform for microcontrollers. They saw that there were vulnerabilities within FreeRTOS’s TCP/IP stack and in the AWS secure connectivity modules which could be exploited.
These vulnerabilities could have allowed a potential attacker to crash the device, leak information and remotely execute code on it. But Amazon has patched these issues working jointly with Zimperium. The patches have been enforced for AWS FreeRTOS version 1.3.2 and onwards.
AWS FreeRTOS is used widely in the industry for IoT, Medical, Automotive and much more. And zlabs due this high-risk nature of these industries decided to look into the connectivity components and discovered the bugs.
Zimperium has withheld the technical details of the patches and the bugs considering that their zLabs research project is an open source project. But they intend to do this in the next 30 days which will enable other small vendors to patch their vulnerabilities too.