Recent research from security outfit Armis has revealed a whopping 496 million smart devices are at risk from a decade-old attack.
DNS rebinding leaves IoT and unmanaged devices vulnerable to attacks in the home and office. This includes TVs of all brands, shapes and sizes, as well as personal and business products like routers and printers. This is the same vulnerability that affected all Blizzard games earlier this year.
“DNS rebinding takes advantage of a nearly decade-old flaw in web browsers that allows a remote attacker to bypass a victim’s network firewall and use their web browser as a proxy to communicate directly with vulnerable devices on the local network,” explained Armis.
“An example of a vulnerable device is one that is running an unauthenticated protocol like Universal Plug and Play (UPnP) or HTTP (used on unencrypted web servers). These protocols are commonly used to host administrative consoles (for routers, printers, IP cameras) or to allow easy access to the device’s services (for example, streaming video players), and are pervasive in businesses.”
So how can businesses protect themselves from this potentially crippling threat? Network protection company EfficientIP says the answer is to look at the bigger picture: the network as a whole.
EfficientIP secures the likes of Netflix, eBay, Orange, and the London Stock Exchange, and works to protect hospitals, stadium and councils against cyber threats.
“According to estimates, there will be at least 200 billion connected devices within the next two years. The recently revamped vulnerability of half a billion of connected devices to DNS rebinding attacks is a huge concern. This vulnerability targets devices that are critical to the everyday life of businesses and consumers, and opens a door for even more devastating attacks,” said Ronan David, VP Strategy at EfficientIP.
“Patching half a billion devices is a Herculean task, and patches are not always supplied by manufacturers or widely deployed by individual users. Therefore, you have to fix the issue where you have control. Enterprises have more control over their own DNS infrastructure, and can use it to dramatically mitigate the risk of damage (by blocking DNS answers with a private IP address coming from a public name server).
David continued: “DNS security best practices, combined with threat intelligence services and filtering strategy over domain reputation, are becoming vital to protect the networks of public and private organisations. It is worrying that since the 2016 Mirai IoT attack, companies are not systematically considering cybersecurity over the entire kill chain, and including DNS services as a key network security component.
“Until a decade-old web browser issue is resolved on a global level, DNS security best practices enforcement is a requirement for solid network defence.”