A researcher has discovered multiple flaws in the FreeRTOS TCP/IP stack: https://thehackernews.com/2018/10/amazon-freertos-iot-os.html. Amazon/FreeRTOS quickly patched the problems, but that’s not the end of the story.
As more and more “Internet of Things” devices come onto the market, the existence of exploitable flaws will become unavoidable. As the provider of a (forthcoming) TCP/IP+RTOS stack in ImageCraft’s JumpStart IOT Suite, it behooves us to come up with a plan for if and when this happens. Clearly, we need to:
- Start with a robust code base.
- Provide patches for the issues as soon as possible.
- Communicate with users to make sure they understand the issues and have plans for firmware updates when needed.
As for the code base, our TCP/IP stack is the open source lwIP, a stack that started its life in the early 2000s and which has gone through multiple iterations. It has been used in numerous open source and commercial products. Does that mean it's "bullet proof"? Certainly not. lwIP has recently had major 2.1.x releases with support for TLS, IPv6, and numerous other enhancements. It's the right direction for lwIP to take, especially with TLS and IPv6 support. On the other hand, it will probably take a few weeks or months to shake out all the new features.
How about proprietary stacks? The truth is that it takes a lot of resources to write a TCP/IP stack from scratch, and any effort we could expend is best concentrated on helping to make lwIP better. “Security by anonymity” is not security either.
Providing patches means that ImageCraft must have a good tracking system for releases and for which specific version each customer has, so that we can communicate with them in a timely manner. We will be working on such a system prior to the JumpStart IoT product release.
Finally, we need to educate our users so that they understand that while upgrading the firmware in the field might mean hours of validation and testing, it is an option that they must consider. Fortunately, most newer MCUs have built-in support for bootloader firmware updates, but of course that leads to a whole host of other considerations. More on that later.