One of the most popular open source real-time operating systems which is ported to 40-plus microcontrollers in IoT devices was found to have multiple critical flaws. This isn’t the average operating system for IoT devices since it is set up to run applications that have a specific time setting. For example, a pacemaker is required to contract the heart muscles at a very specific time–that is exactly where a system like this comes into play. Along with Amazon, WITTENSTEIN high integrity systems (WHIS) also uses a variant of this system named WHIS OpenRTOS, and SafeRTOS for safety-critical devices. Thirteen total vulnerabilities were found which would allow information to be leaked from the memory, the target device to be crashed, and even executing malicious code remotely. WHIS and Amazon both suffered the same flaws but were able to patch them together. Technical details have not been disclosed at this time to allow for smaller users of the system to patch their issues. More information should be released within the month.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is