Security News Half a Billion IoT Devices Vulnerable to DNS Rebinding Attacks

LASER_oneXM

Armis, the cyber-security firm that discovered the BlueBorne vulnerabilities in the Bluetooth protocol, warns that nearly half a billion of today's "smart" devices are vulnerable to a decade-old attack known as DNS rebinding.

Spurred by recent reports regarding DNS rebinding flaws in Blizzard apps, uTorrent, and Google Home, Roku TV, and Sonos devices, the company has recently analyzed the impact this type of attack has on Internet-of-Things-type devices.

What is a DNS rebinding attack

DNS rebinding attacks are when an attacker tricks a user's browser or device into binding to a malicious DNS server and then makes the device access unintended domains.


DNS rebinding attacks are normally used to compromise devices and use them as relay points inside an internal network. A typical DNS rebinding attack usually goes through the following stages:

Almost all types of IoT devices are vulnerable

Armis says that IoT and other smart devices are perfect for attackers to target via DNS rebinding, mainly due to their proliferation inside enterprise networks, where they can play a key role in facilitating reconnaissance and data theft operations.

Experts say that following their investigation, they found out that nearly all types of smart devices are vulnerable to DNS rebinding, ranging from smart TVs to routers, from printers to surveillance cameras, and from IP phones to smart assistants.

All in all, experts put the number of vulnerable devices in the hundreds of millions, estimating it at roughly half a billion.

Don't expect a massive patching effort

Patching all these devices against DNS rebinding attacks is a colossal task that may never be done, requiring patches from vendors that can't be bothered with security for trivial flaws like XSS and CSRF vulnerabilities, let alone complex attacks such as DNS rebinding.

But Armis experts say that integrating IoT devices into current cyber-security monitoring products may be the easiest and most cost-effective solution, rather than looking for and auditing new devices to replace the old ones.

Because IoT security has been a proverbial shitshow for the past year, the cyber-security market has reacted and adapted, and there are now many firms that provide specialized platforms for monitoring IoT devices for enterprises which want to avoid nasty surprises.

For example, just recently PIR Bank of Russia got a nasty surprise when it discovered that hackers stole $1 million after they breached its network thanks to an outdated router.
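
The monitoring approach mentioned in the article can include checking resolver logs for the usual trace of DNS rebinding: an external hostname whose answer is, or shortly becomes, an internal address. The following is an added example, not part of the original post or of Armis's tooling; the log layout, the internal zone suffixes and every sample record are constructed assumptions.

```python
import ipaddress

# Constructed resolver log records: (epoch seconds, client, queried name, answer)
SAMPLE_LOG = [
    (1000, "10.0.0.23", "cdn.example.net", "198.51.100.34"),
    (1001, "10.0.0.23", "a1b2.rebind.example", "203.0.113.7"),
    (1004, "10.0.0.23", "a1b2.rebind.example", "192.168.1.1"),
    (1010, "10.0.0.40", "printer.corp.internal", "10.0.0.9"),
    (1020, "10.0.0.51", "tracker.example.org", "127.0.0.1"),
]

# Assumed names of zones that legitimately hold internal addresses.
LOCAL_SUFFIXES = (".internal", ".lan", ".local")

# Address space a name served from the Internet should never resolve to.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",     # loopback, link-local, "this host"
    "::1/128", "fc00::/7", "fe80::/10",               # IPv6 equivalents
)]


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_rebinding(log, window=60):
    """Return (time, client, name, reason) for each suspicious answer."""
    last_public = {}  # (client, name) -> time of the latest public answer
    alerts = []
    for ts, client, name, answer in sorted(log):
        qname = name.lower().rstrip(".")
        if qname.endswith(LOCAL_SUFFIXES):
            continue  # internal zone, private answers are expected
        if not is_internal(answer):
            last_public[(client, qname)] = ts
            continue
        seen = last_public.get((client, qname))
        if seen is not None and ts - seen <= window:
            reason = "public-to-internal flip"  # same name rebound within the window
        else:
            reason = "external name with internal address"
        alerts.append((ts, client, name, reason))
    return alerts


if __name__ == "__main__":
    for alert in find_rebinding(SAMPLE_LOG):
        print(alert)
```

The same test, applied inline at the resolver instead of after the fact, is what rebinding-protection options in DNS forwarders enforce by dropping such answers.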
 

ForgottenSeer 58943

I hate to sound tragic here, but we've been sounding a slow drum roll of an IT Apocalypse brewing.

As I said in another thread, it's pretty much all over now. Everything is, or can easily be compromised. There isn't a magic pill to fix any of it anymore. Highly secure organizations have moved to pen and paper and back to filing cabinets. I recently visited a facility that handles sensitive technologies, and they were procuring 'vintage' filing cabinets.

It's all going bad. I've mostly removed IoT from my home. Anything I am not removing I am securing. I'm having Cat6 run to my second floor next week and largely closing down wireless - or limiting it to mobile devices.

Fortinet, Kaspersky, Cisco, Sophos, nobody has a magic pill to fix what is happening, and will be worse soon. It's all going sour. LOL
 

pokee

Those MoneyTaker... the way that they did it... sounds like a movie plan... and so quick... and I understand why only 1 million.
 
