Blog

Many IOT Devices At Risk Due To DNS Vulnerability

May 21, 2022 | Blog

How many “smart” devices do you have connected to your home or company network?  It’s probably a higher number than you originally estimated.  However large that number is, it pays to be aware that IoT devices are some of the least secure devices available on the market today, which makes them the weakest link in terms of hackers successfully attacking your network.

In fact, there are millions of IoT devices that are vulnerable to a critical security flaw residing in the DNS component of a C Standard library that all sorts of firmware developers make use of.  That means that right now, there are literally millions of ticking time bombs out there and one or more of them could be connected to your network.

There are two libraries to be aware of here:  uClibc and its fork, developed by the OpenWRT team.  You’ll find major companies like Linksys, Axis, and Netgear making use of both on a regular basis, and you’ll even find it in some Linux distributions.

Unfortunately, at the time this article was written, there are no fixes available from the developer which leaves the products of more than 200 different vendors at risk.

Essentially, the flaw relies on a predictable transaction ID for DNS lookup requests.  It is that predictability that creates the vulnerability and allows a clever hacker to “trick” a vulnerable device into pointing to an arbitrarily defined end point specified by the hacker, which would have the effect of rerouting your network traffic to a server under the control of the hackers.

As you can imagine, that would cause no end of trouble for you and your company. That is because the hackers would then have perfect visibility into everything you do on your network and would be able to inject any sort of malware into any system on your network.

There’s no simple solution here except to disconnect any vulnerable IoT devices from your network and contact the developers who maintain the library and demand immediate action.  A fix is currently in the works, but adding your voice to the rapidly growing chorus can’t hurt.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech