Half a Billion IoT Devices Vulnerable to DNS Rebinding Attacks
By Catalin Cimpanu | July 20, 2018
Armis, the cyber-security firm that discovered the BlueBorne vulnerabilities in the Bluetooth protocol, warns that nearly half a billion of today’s “smart” devices are vulnerable to a decade-old attack known as DNS rebinding.
Spurred by recent reports regarding DNS rebinding flaws in Blizzard apps, uTorrent, and Google Home, Roku TV, and Sonos devices, the company has recently analyzed the impact this type of attack has on Internet-of-Things-type of devices.
…
Experts say that following their investigation, they found out that nearly all types of smart devices are vulnerable to DNS rebinding, ranging from smart TVs to routers, from printers to surveillance cameras, and from IP phones to smart assistants.
All in all, experts put the number of vulnerable devices in the hundreds of millions, estimating it at roughly half a billion.
…
Patching all these devices against DNS rebinding attacks is a colossal task that may never be done…
It’s not the 2000s anymore, and any respectable company nowadays must update its threat model to account for IoT devices, regardless if their vulnerable to DNS rebinding or any other flaw.
Read the full article here – the included graphic shows vulnerable manufacturers ranging from Apple, Google & GoPro through to Samsung, Roku & Xerox (more than 2 dozen of them)
