DNS vulnerabilities put millions of IoT devices at risk of hacking

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


Hacker

Image: Stockfresh

The NAME:WRECK flaws affects four popular TCP/IP stacks

Print

PrintPrint

Pro

Read More: cybersecurity Internet of Things IOT

Security researchers have warned of a slew of DNS flaws that could affect millions of Internet of Things (IoT) devices.

According to researchers at Forescout, the nine vulnerabilities have been dubbed “NAME:WRECK,” and they affect four popular TCP/IP stacks: FreeBSD, Nucleus NET, IPnet, and NetX. These vulnerabilities relate to Domain Name System (DNS) implementations, causing Denial of Service (DoS) or Remote Code Execution (RCE), allowing attackers to target devices offline or take control of them.

The researcher said the widespread use of these stacks and often external exposure of vulnerable DNS clients lead to a dramatically increased attack surface.

 
advertisement


 

Forescout researchers teamed up with JSOF to find the flaws and added that these can impact over 100 million consumer, enterprise, and industrial IoT devices worldwide. Millions of IT networks use FreeBSD, including Netflix and Yahoo. Meanwhile, IoT/OT firmware, such as Siemens’ Nucleus NET has been used for decades in critical OT and IoT devices.

If exploited, among the plausible scenarios researchers laid out included exposing government or enterprise…

Source…