Security Alert Google, Roku, Sonos to Fix DNS Rebinding Attack Vector (New products vulnerable!)

LASER_oneXM

Level 28
Content Creator
Verified
Joined
Feb 4, 2016
Messages
1,773
OS
Windows 8.1
Antivirus
Kaspersky
#1
The developer teams from Google Home, Roku TV, and Sonos, are preparing security patches to prevent DNS rebinding attacks on their devices.

Roku has already started deploying updates, while Google and Sonos are expected to deploy patches next month.

What's a DNS rebinding attack?

DNS rebinding is not a new attack vector by any stretch of the imagination. Researchers have known about it since 2007 when it was first detailed in a Stanford research paper.

The purpose of a DNS rebinding attack is to make a device bind to a malicious DNS server and then make the device access unintended domains. DNS rebinding attacks are usually used to compromise devices and use them as relay points inside an internal network. A typical DNS rebinding attack usually goes through the following stages:
New products found vulnerable to DNS rebinding attacks

However, in recent months, things have started to change. Interest into DNS rebinding flaws from well-known security researchers like Google's Tavis Ormandy has re-brought this issue into the limelight.

Flaws have been discovered and fixed in products such as Blizzard's Update Agent, the uTorrent client, and the geth Ethereum mining software.

One of the latest deep-dives into DNS rebinding attacks comes from Chicago-based Brannon Dorsey. Yesterday, he published his latest research on the matter, which included a study of some modern IoT equipment and how they handle a DNS rebinding attack.

To nobody's surprise, Dorsey found that most of the equipment he tested was vulnerable. For the past three months, he's badgered vendors to patch these issues and found no success until two members of the press got involved and also started asking questions on the topic. More below: