Rabitə və İnformasiya Texnologiyaları Nazirliyinin elektron xəbər xidməti

DNS rebinding attacks could affect 500 million enterprise IoT devices


Major corporates' connected IoT devices could be vulnerable to DNS rebinding attacks, granting hackers remote access to local networks. As many as half-a-billion devices around the world could be affected.
 
Security company Armis claims in a new report that organisations are even more exposed than consumers due to the burgeoning variety of WiFi enabled devices, including IP phones, printers, networking equipment, and cameras.
 
These devices put organisations at risk from a ranged of attacks, including data exfiltration and takeover from a Mirai-like worm attack.
 
"DNS rebinding takes advantage of a nearly decade-old flaw in web browsers that allows a remote attacker to bypass a victim's network firewall and use their web browser as a proxy to communicate directly with vulnerable devices on the local network," Armis explained in a blog post revealing its new findings.
 
An example of a vulnerable device is one that is running an unauthenticated protocol like Universal Plug and Play (UPnP) or HTTP, used on unencrypted web servers. These protocols are commonly used to host administrative consoles for routers, printers, IP cameras, or to allow easy access to the device's services, and are pervasive in businesses, the report states.
 
"The majority of manufacturers who make commonly used IoT devices within enterprise environments ship devices that are vulnerable to a DNS rebinding attack," Armis said.
 
"Using data from Armis' Device Knowledgebase, which includes over five million device behaviour profiles, our researchers identified the devices, manufacturers, and the estimated number of vulnerable devices worldwide in the enterprise, nearly half a billion devices - 496 million by our count."
 
Because of the widespread use of the types of devices within enterprises, Armis said that nearly all are susceptible to DNS rebinding attacks.
 
For example, Cisco Systems recently issued software updates to tackle a high-risk vulnerability in several VoIP phone models. This vulnerability allowed a remote attacker to perform a command injection and execute commands with the privileges of the web server. And it's this is the type of scenario that can happen thanks to a DNS Rebinding attack.
 
IP security cameras were also found to be among the most at risk as 10 vulnerabilities were published in Axis cameras and Foscam cameras.
 
"Printers were also identified in our research. Unfortunately, printers are one of the least managed, most poorly configured devices in the enterprise. Aside from adjusting basic network configurations, enterprises typically deploy printers with default settings, making them an ideal target for a DNS rebinding attack," Armis's report added.





25/07/18    Çap et