Latest in Gear

Image credit: basketman23 via Getty Images

Amazon fixes security flaws allowing smart home hijacks

The real-time OS had 13 flaws affecting a wide range of devices.
512 Shares
Share
Tweet
Share

Sponsored Links

basketman23 via Getty Images

Some smart home device owners may have dodged a bullet. Amazon recently patched 13 security flaws in an operating system for the Internet of Things, FreeRTOS, as well as Amazon Web Services connection modules. The holes let intruders crash devices, leak the contents of their memory and remotely run code, effectively giving attackers full control. The flaws might have been far-reaching if they'd gone unfixed -- both FreeRTOS and its safety-oriented counterpart SafeRTOS are used in a wide range of devices inside and outside the home, including cars, aircraft and medical gear.

Zimperium, which found the flaws, is waiting until 30 days after the disclosure to provide the technical details required by FreeRTOS' open source license. This should give smaller outfits an opportunity to fix the flaws, Zimperium said.

These kinds of flaw disclosures are far from unusual, but they're relatively new here. Amazon Web Services took the reins for FreeRTOS' core just under a year ago in November 2017. This was a test of sorts for Amazon's ability to respond to these issues, and so far it appears to have passed.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
512 Shares
Share
Tweet
Share

Popular on Engadget

Kik Messenger will keep running under a different owner

Kik Messenger will keep running under a different owner

View
Netflix's 'Cowboy Bebop' production pauses after John Cho is injured on-set

Netflix's 'Cowboy Bebop' production pauses after John Cho is injured on-set

View
Nike puts an accessibility twist on its iconic Air Jordan 1

Nike puts an accessibility twist on its iconic Air Jordan 1

View
Alphabet’s Wing starts drone deliveries to US homes

Alphabet’s Wing starts drone deliveries to US homes

View
Boeing messages hint staff may have misled FAA about 737 Max

Boeing messages hint staff may have misled FAA about 737 Max

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr