Millions of Smart Speakers, Streaming Devices Vulnerable to ‘DNS Rebinding’ Attack

A decade-old technique for attacking computer networks has resurfaced as a way to manipulate IoT devices, smart home gadgets and streaming sticks, sending a number of manufacturers scurrying to fix the vulnerability.

Called ‘DNS rebinding’, the attack uses fraudulent IP addresses to breach the security of Wi-Fi networks, and is believed to have been first disclosed in 2007 by cyber-security researchers at Stanford University. According to a research note published by noted cyber-security researcher Brannon Dorsey, the old vulnerability has reared its ugly head in virtually every IoT device and connected gadget he tested, “leading to information being leaked, or in some cases, full device control”.

According to Dorsey, “Google Home, Chromecast, Roku, Sonos WiFi speakers, and certain smart thermostats could all be interfaced with in some way by an unauthorized remote attacker”. He shared his findings with the vendors of the devices that he personally found to be vulnerable, and also created a new website that, with the user’s permission, will run JavaScript code as a proof-of-concept to detect devices vulnerable to DNS rebinding on the network.

He claims that the code will only point out the vulnerable devices for the user’s benefit, and will not actually do anything malicious.

Meanwhile, according to Wired, the manufacturers contacted by Dorsey have all acknowledged the issue, and are actively working towards mitigating it. Roku has already started deploying updates to plug the security loophole in its Roku TV devices, while Google and Sonos are expected to start rolling out the patches next month.

In case you’re wondering about DNS rebinding, it enables malicious webpages to access and potentially hijack vulnerable devices on a local network by circumventing the so-called ‘same-origin’ safeguards that prevent pages or data loaded by IP address from being modified by pages or data loaded by a different IP address. The technique is mostly used for IPs on the local network rather than to redirect users to malicious external IPs.
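For defenders, rebinding leaves a recognisable trace in resolver logs: a name that answers with an external address and, shortly afterwards, with an address on the local network. The check below is an added example, not code from this article or from Dorsey's research note; the log tuple format, the 60-second window and the sample records are constructed for illustration.

```python
import ipaddress

# Ranges a public hostname should not resolve to for clients on a LAN.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",               # IPv6 equivalents
)]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_rebinds(records, window=60):
    """Return (name, external_ip, internal_ip, seconds_apart) for each name
    whose answer moves from an external to an internal address within
    `window` seconds."""
    last_external = {}  # name -> (time, ip) of the most recent external answer
    hits = []
    for ts, name, ip, _ttl in sorted(records):
        name = name.rstrip(".").lower()  # DNS names are case-insensitive
        if not is_internal(ip):
            last_external[name] = (ts, ip)
        elif name in last_external:
            seen_ts, seen_ip = last_external[name]
            if ts - seen_ts <= window:
                hits.append((name, seen_ip, ip, ts - seen_ts))
    return hits

# Constructed resolver log: (unix_time, queried_name, answer_ip, ttl_seconds).
# External answers use documentation ranges (RFC 5737).
SAMPLE_LOG = [
    (1000, "cdn.example.net", "192.0.2.44", 300),
    (1002, "a1b2.rebind.example", "203.0.113.10", 1),
    (1004, "a1b2.rebind.example", "192.168.1.23", 1),    # flips to a LAN host
    (1010, "printer.home.example", "192.168.1.50", 3600),  # internal only
    (1020, "cdn.example.net", "192.0.2.45", 300),        # external to external
    (1030, "X9.Rebind.Example.", "198.51.100.7", 0),
    (1033, "x9.rebind.example", "127.0.0.1", 0),         # flips to loopback
    (5000, "vpn.corp.example", "198.51.100.20", 300),
    (9000, "vpn.corp.example", "10.0.0.5", 300),         # hours apart, ignored
]

if __name__ == "__main__":
    for hit in find_rebinds(SAMPLE_LOG):
        print("possible rebind: %s %s -> %s after %ss" % hit)
```

Names served by split-horizon DNS can legitimately return both kinds of address, so hits are leads to review rather than verdicts.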

The aforementioned research note from Dorsey describes DNS rebinding as well as its working in intricate detail. So if you are a programmer and in the mood to get acquainted with the ins and outs of the technique, you can hop over to the link above.
