16) Back to basics

 Back to basics.

Ori Karliner exposed several detailed TCP/IP security flaws of the freeROTS kernel, eventually concluding a full mounted and controlled attack could take place on the IOT products using this kernel operating system.

 What is free RTOS?

The freeROTS kernel was developed in partnership with several notable chip manufacturing companies , over at least a decade and is used in the IOT, automotive, Aerospace industries.  RTOS stands for real time operating system and is used extensively with blue chip companies (free to use in commercial products without requiring the company to expose their source code and propriety  IP) for the IOT products. No wonder why it is so extensively used, such that It was downloaded approximately every 120 second on average (2017).

How does it work and what can it do?

The attack is quite simple to execute. The user, by sending simple malicious packets over the network to exploit the source code, destined for the IOT product could take control of the full device (commandeering equipment), using it to spy on its owners , steal data and whatever else the dark minded hacker wishes to do with it.

Thirteen possible flaws have been identified. Four of which could execute remote code injection, and another to carry out DOS attacks and seven for data hacking.

What to do if your products are affected.

In another 30 days, the full technical report would be published along with rectification methods and guidance.