Critical Flaws Found in Amazon FreeRTOS IoT Operating System
RTOS? What is RTOS?
In the year 2018, the year that it currently is, our world is very different from the way it was fifty, forty, thirty, twenty, ten or even five years ago. There are many factors that make this the case, including our political climate, the TV shows we watch, and how we raise our children. However, the biggest way in which our world today is so vastly different from the world of our childhood is the presence of the internet.
You may have read that and be thinking to yourself that the internet was around when you were a child, you’re not that old! However, be that as it may, it’s hard to deny that the internet is far more prevalent today than it’s been in the past. It’s used for pretty much everything, and the number of things that use it is rising. Heck, you even have washing machines that are controlled using the internet.
For this reason, some tech companies have developed what they call RTOS, which stands for Real Time Operating System. RTOS is a form of operating system that’s designed to enable you to securely and safely use all of your internet devices. Its purpose is to process the data as quickly as possible, and reduce delays wherever it can.
It’s super important. But you’re probably now wondering how on Earth such technology works. Is it magic? Have we kidnapped a UFO and forced the aliens to tell us how their planet’s technology works? Oh wait. I wasn’t supposed to write that! Moving on…
In all honesty, I probably couldn’t explain to you the intricate scientific details of how an RTOS works. Why is this? Well, firstly you would get very bored of it very quickly, and you would probably stop reading this article. Secondly, you probably wouldn’t understand it: unless you’re qualified in software and coding and that sort of thing, most of the information about how this works will go in one eye and out the other. Finally, I don’t really understand it; it’s very complicated and difficult for me to wrap my head around!
However, a very quick, basic, and easy to understand summary of how an RTOS works would be this…
Certain tasks are assigned by the system to different components within the network. This enables code to be sent out quickly and securely. It also checks the task priority to ensure that everything is done at the correct time.
One example of an RTOS system is Amazon’s ‘Amazon FreeRTOS’. But unfortunately, it has come with a few problems. In this article, I will be highlighting the top three issues that have been found with Amazon FreeRTOS.
All of this information actually comes from a test that was carried out by Zimperium Security Lab’s Ori Karliner.
The first issue that some people have been having with this particular RTOS is Remote Execution. That sounds like a rather complicated scientific and computery word. It sounds like what capital punishment will be called when robots come to your home to kill you. But that’s actually not what it is.
Remote Execution is actually when a bad person has the ability to access someone else’s computing device and make changes. Due to the global nature of the internet, and the fact it uses satellites to work, these changes can be done from anywhere. It doesn’t matter where the victim is located or where the attacker is located.
The victim could be in Yorkshire and the attacker could be in New York. The victim could be in Brazil and the attacker could be in Wales. This problem is caused by security flaws in the RTOS system.
As you can probably imagine, the consequences of somebody using Remote Execution on somebody’s RTOS system can be rather unpleasant. In some very rare cases, the consequences can even be devastating.
Just imagine it! Somebody has access to everything of yours that uses the internet. Your work computer, your home computer, your tablet computer, your mobile phone. And there’s not much that you can do about it because you have no idea where all this damage is being done from.
The nasty attacker will be able to get into your bank account, see your work files, and hack into your social media accounts.
As you can understand, this can be very bad for the victims. If somebody gets access to their bank account, they’ll be able to steal their money which will then be untraceable. And the wrong people getting access to your work files might even lead to you getting told off by your boss or even given the sack. I doubt many bosses would be too happy if their company secrets got leaked by hackers from God knows where. And the wrong people on your social media accounts can ruin your reputation. It’s awful!
Denial of Service
Another flaw that’s been found in Amazon FreeRTOS is an issue that’s commonly known to most in the tech industry as Denial of Service.
And no, that is not a formal term for being refused an alcoholic drink because you look twelve and you forgot your ID at home.
Denial of Service is when people get access to your internet devices, and they hack into them to prevent you (the owner of the devices) from using them.
How this happens is actually rather clever, evil as Darth Vader, but clever nonetheless. It’s done by flooding the bandwidth of the victim’s system. When the bandwidth is clogged up, they won’t be able to use their devices’ internet anymore.
A good way to illustrate how it works would be to imagine you want to open a door. A few things in front of the door might mean that you have to push a little bit harder. However, if people intentionally put things in front of the door constantly, then eventually the door will become impossible to open. The bandwidth works the same as the door in this story.
When your bandwidth is flooded, you will be bombarded with traffic. This could be anything from adverts, videos, files, pictures, programmes.
It doesn’t take a genius to figure out why this isn’t very good. Not being able to use any of your devices that use the internet can be incredibly frustrating.
If you want to know something and you want to quickly Google it to find out… Too bad! If you want to read the news so that you can gain a better understanding of what’s happening in the world, you can’t. If you want to talk to your friends on social media, no can do.
But it can be even worse if you want to use the internet for anything work related. If you’re unable to do your work, I highly doubt that your company is going to be too happy about that. And not only are you not able to do work, but you also can’t give an answer to the question that is ‘so when will you be able to start doing work again?’. Not being able to do any work can seriously affect your income. And not knowing what’s happening to all those files can seriously affect your mental health.
It’s impossible to argue with the fact that being a victim of a denial of service is a horrible experience that nobody should ever have to go through.
The final issue that was found in the report about Amazon FreeRTOS is an information leak. Despite how the name might make it sound, this is not a new Sesame Street character who’s a very intelligent green vegetable.
It’s essentially when a hacker is able to get hold of your personal information. A little bit like the issue of remote execution that we spoke about earlier. But this one is more about obtaining information than it is about controlling anything. There are many ways that this problem can occur. You might download something that you shouldn’t. You might put your information into a dodgy website that you would be better off just leaving alone.
Perhaps you’ve clicked on a link in a scam email that you should’ve deleted immediately. Once you click on/download the nasty thing, the hacker then gets onto your system and then hacks their way onto the RTOS to see the information that they shouldn’t. If a hacker knows what they’re doing, and is able to hack efficiently, they will be able to go from seeing you as a target to reading your bank account information in a matter of hours.
The severity of the effects of an information leak can vary based on many different factors. Whilst some put all of their valuable information about insurance, bank accounts, medical records and other such things online (in the cloud), others do not. Putting this sort of information on the cloud will increase the risk of you being a target of an information leakage attack. That’s not to victim blame, it’s just stating the facts. Whilst we should be able to store what we like in our private cloud space, the stark reality is that if someone who shouldn’t get to it does, then it means that they can do what they want with that information.
Another factor that helps to determine how much upset this sort of attack can cause is what sort of information the hacker is after. It could just be that they want to look at a few of your documents, and get a bit of information. Some hackers don’t actually want to cause any harm.
However, there may be some that are out there to do damage. Some who will be able to get your bank details and insurance information. These are the ones you need to make sure that you stay incredibly careful of!
Despite how bad this all sounds, it’s not all doom and gloom. Amazon has read the report and they have actually taken action! They’ve taken steps to reduce the possibility of Amazon FreeRTOS users being hacked. However, it’s wise to remember that the hacker is always one step ahead, so whilst Amazon might’ve done their best to prevent hacking, that doesn’t mean to say that it can’t happen to you, or anyone else.
Amazon has looked at how this system works, and how it uses the internet to pass on and store this information. By doing this they have been able to adjust the coding of the system to increase the security and to make sure that any information that gets passed along the line is as safe as it possibly can be. As time goes on, the security gets stronger. But that’s not to say that it will ever be perfect. As the RTOS systems get stronger, the hackers just become more clever and more imaginative. But that’s not to say that all of this work will be in vain. It’s kind of a ‘neither win nor lose’ situation.
Summary and Conclusion
RTOS is what’s used to keep data transactions between the internet and the things that use it quick and secure. Unfortunately, the way it works is complicated and extremely difficult to understand.
One issue that has been found with Amazon FreeRTOS is remote execution. This is when a hacker can control your devices from anywhere. If you have any internet controlled devices that use blades, the consequences of this could be very dangerous.
Another problem with that system is denial of service, when you can’t use your internet devices. If you have a lot of internet powered home appliances, it can be a real pain in the butt.
Another problem found has been information leak, when hackers read information that you’ve stored online. The main risk from this is them getting hold of your bank details. However, despite how bad things are, Amazon is working on getting it solved to make their RTOS system more secure. However, be that as it may, the hackers will likely find a way around the upgrades.
This sort of technology is making our world a better place. Our lives are easier and we’re more connected than ever before. But that doesn’t mean it isn’t wise to be careful!