500M IoT Devices Vulnerable to DNS Rebinding Attack

According to Armis, fixing vulnerabilities on all devices is too time-consuming and expensive a process for large manufacturers
23 July 2018

Armis, a company specializing in cyber security, found that about 500 million modern "smart" devices are vulnerable to an attack called "DNS rebinding." Researchers say that the Internet of Things is well suited to this type of attack because of its deep integration with corporate workflows.

What is DNS rebinding?

In a DNS rebinding attack, the attacker binds the victim's device to a malicious DNS server and then uses it to access different domains without the victim intending to. DNS rebinding can be used to collect information or start other malicious processes, with the victim device itself acting as an intermediate link into the internal network.

In the course of the investigation, the specialists found that almost all types of IoT devices are susceptible to DNS rebinding, from routers to IP cameras and from multimedia players to TV sets. They argue that "smart" devices are "perfectly" suited to letting intruders penetrate internal corporate networks and steal important data. The experts published a table of the vulnerable device types and their numbers, which reach 500 million.

DNS Rebinding Table

According to Armis, fixing vulnerabilities on all devices is too time-consuming and expensive a process for large manufacturers. They argue that vendors simply do not pay attention to minor vulnerabilities such as cross-site scripting (XSS) and cross-site request forgery (CSRF), which provide opportunities for DNS rebinding.

Instead of waiting for old devices to be replaced with new ones, the experts suggest introducing cyber security monitoring systems.
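
One form such monitoring can take, shown as an added example that is not taken from Armis or the original article: a check over resolver logs that flags a hostname whose answer changes from a public address to an internal one within a short window, the DNS pattern that rebinding produces. The log format, the 60-second window and all sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Constructed resolver log: "<epoch seconds> <client> <queried name> <answer IP> <TTL>"
SAMPLE_LOG = """\
1532340000 10.0.0.23 cdn.example.net 198.51.100.10 300
1532340002 10.0.0.23 a1b2.rebind.example 203.0.113.7 1
1532340005 10.0.0.23 a1b2.rebind.example 192.168.1.1 1
1532340010 10.0.0.40 printer.corp.example 10.0.5.12 3600
1532340300 10.0.0.23 cdn.example.net 198.51.100.11 300
"""

WINDOW_SECONDS = 60  # assumed threshold; tune to the environment

# Listed explicitly because ipaddress.is_private also covers documentation
# ranges such as 203.0.113.0/24, which stand in for public hosts here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def is_internal(ip):
    """True if the address is RFC 1918, loopback, link-local or IPv6 ULA."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_rebinding(log_text, window=WINDOW_SECONDS):
    """Return (client, name, public_ip, internal_ip) for every name whose
    answer flips from public to internal within `window` seconds."""
    last_public = {}  # (client, name) -> (timestamp, public ip)
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, client, name, ip, _ttl = parts
        try:
            ts, internal = int(ts), is_internal(ip)
        except ValueError:
            continue  # bad timestamp or address
        key = (client, name.lower().rstrip("."))
        if not internal:
            last_public[key] = (ts, ip)
        elif key in last_public and ts - last_public[key][0] <= window:
            alerts.append((client, key[1], last_public[key][1], ip))
    return alerts

if __name__ == "__main__":
    for alert in find_rebinding(SAMPLE_LOG):
        print("possible DNS rebinding:", alert)
```

Names that only ever resolve to internal addresses, and names that move between public addresses, produce no alert.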

CSS-Based Attack to Restart iPhone

As the researcher noted, all applications that handle HTML are under threat
17 September 2018

The developer and cyber security specialist Sabri Haddouche found that 15 lines of CSS code running on iOS cause the kernel to crash and the device to reboot. On macOS, the browser may freeze after the user clicks the "overloaded" link. All versions of iOS are vulnerable, including the latest update, 11.4.1, as well as iOS 12, which is currently undergoing beta testing.

Haddouche published PoC code on GitHub. It exploits a vulnerability in the WebKit web rendering engine. Placing a large number of tags (for example, div) inside an element styled with the CSS backdrop-filter property causes all of the device's resources to be used to render the page. This causes a crash in the kernel, and the system reboots to protect itself from damage.

The developer notified Apple of the vulnerability, and the company began an internal investigation.

As Haddouche noted in a conversation with TechCrunch, all applications that handle HTML are under threat. The failure can be triggered through an e-mail message or a link to an "overloaded" web page. The attack does not allow malicious code to be executed and does not give an attacker access to the device's data. However, according to experts, it will be difficult to find a way to prevent it.

CSS is a tool for styling web content written primarily in HTML. However, specialists discover from time to time that it can be used, for example, to collect confidential user data such as passwords or to track actions on the web.