500M IoT Devices Vulnerable to DNS Rebinding Attack

According to Armis, fixing vulnerabilities on all devices is too time-consuming and expensive a process for large manufacturers
23 July 2018

Armis, a company specializing in cyber security, found that about 500 million modern "smart" devices are vulnerable to an attack called "DNS rebinding." Researchers say that the Internet of Things is well suited to this type of attack because of its deep integration with corporate workflows.

What is DNS rebinding?

The attacker first gets the victim device to resolve names through a malicious DNS server and then uses the device to access other domains without the user intending it. DNS rebinding can be used to collect information or start other malicious processes, with the victim device acting as an intermediate link into the internal network.

In the course of the investigation, the specialists found that almost all types of IoT devices are open to a DNS rebinding attack: from routers to IP cameras and from multimedia players to TV sets. They argue that "smart" devices are "perfectly" suited to letting intruders penetrate internal corporate networks and steal important data. The experts published a table with the types of vulnerable devices and their number, which reaches 500 million.

DNS Rebinding Table

According to Armis, fixing vulnerabilities on all devices is too time-consuming and expensive a process for large manufacturers. They argue that vendors simply do not pay attention to minor vulnerabilities such as cross-site scripting (XSS) and cross-site request forgery (CSRF), which open the way to DNS rebinding.

Experts suggest introducing cyber security monitoring systems rather than waiting for old devices to be replaced with new ones.
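
One check such a monitoring system can run, as an added example that is not from Armis or the original article: it flags DNS answers in which an external name resolves to an internal address, and especially a name that flips from a public to an internal address within a short window. The log format, the `INTERNAL_ZONES` list and every sample line are constructed assumptions.

```python
import ipaddress

# Constructed sample DNS answer log (hypothetical format):
# "epoch_seconds client qname answer_ip ttl"
SAMPLE_LOG = """\
1532340000 10.0.0.23 cdn.example.net 198.51.100.10 300
1532340001 10.0.0.23 a1b2.rebind.example 203.0.113.7 1
1532340004 10.0.0.23 a1b2.rebind.example 192.168.1.1 1
1532340010 10.0.0.40 printer.corp.example 10.0.5.20 3600
1532340020 10.0.0.41 lo.tracker.example 127.0.0.1 60
"""

# Assumption: zones that legitimately hold internal addresses.
INTERNAL_ZONES = ("corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def in_internal_zone(qname):
    q = qname.rstrip(".").lower()
    return any(q == z or q.endswith("." + z) for z in INTERNAL_ZONES)


def find_rebinding(log_text, window=60):
    """Return (client, qname, reason) for each suspicious DNS answer."""
    last_public = {}  # (client, qname) -> time of last public answer
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, client, qname, ip, _ttl = parts
        if in_internal_zone(qname):
            continue  # internal names may point at internal hosts
        key, ts = (client, qname.lower()), int(ts)
        if not is_internal(ip):
            last_public[key] = ts
        elif key in last_public and ts - last_public[key] <= window:
            alerts.append((client, qname, "public-to-internal flip"))
        else:
            alerts.append((client, qname, "external name, internal address"))
    return alerts


if __name__ == "__main__":
    for alert in find_rebinding(SAMPLE_LOG):
        print(alert)
```
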

Frontend News Digest 24 - 30.08

New and experimental CSS tools in Firefox, a new Node.js current version, a deep dive into its internals and many other interesting things await you
29 August 2019

Greetings! I hope your week went great! Here's the new Frontend news digest.

In this digest, you will learn how to release a custom React component, hook or effect as an npm package, learn about the powers of HTML5 storage that allow you to create a shopping cart, and find out about new experimental CSS tools in Firefox. Also, Node.js v12.9.1 is out.

Guides

  • Creating A Shopping Cart With HTML5 Web Storage

This guide will teach you, step by step, how to use HTML Web Storage to create a shopping cart

  • How to Release a Custom React Component, Hook or Effect as an npm Package

The author believes he has found an easier way than usual to release a React hook, custom component or Effect as an npm package

Article

  • Faster Image Loading With Embedded Image Previews

The EIP technology described in this post allows us to load preview images during lazy loading using progressive JPEGs, Ajax and HTTP range requests, with no additional data transferred.

  • Node v12.9.1 (Current)

A small release that fixes 2 regressions in the http module

Video

  • New & Experimental CSS Tools in Firefox

A UX designer on the Mozilla Firefox Developer Tools team talks about cool new and even experimental CSS tools in the popular browser

  • A Journey into Node.js Internals

Tamar Twena-Stern spoke about the internals of one of the most popular JavaScript runtime environments

Updates

  • monolith

A tool that lets you save any web page as a single HTML file, with CSS, image, and JavaScript assets all embedded in one HTML5 document

  • radialMenu

Easy to set up (according to the developers) and customizable JS menu

  • Data Table Component

Includes a lot of features, and, according to the developers, is simple, sortable and flexible

  • React Webcam

A component to work with webcams for React