Unpatched DNS Vulnerability Affects IoT Devices.

DNS poisoning.
Serious risk to IoT products.
C libraries bug.

Introduction:
Cybersecurity researchers have disclosed an unpatched security vulnerability that could pose a serious risk to IoT products.

Details:
The issue, which was originally reported in September 2021, affects the Domain Name System (DNS) implementation of two popular C libraries called uClibc and uClibc-ng that are used for developing embedded Linux systems.

Currently:
uClibc is known to be used by major vendors such as Linksys, Netgear, and Axis, as well as Linux distributions like Embedded Gentoo, potentially exposing millions of IoT devices to security threats. The flaw is caused by the predictability of transaction IDs included in the DNS requests generated by the library, which may allow attackers to perform DNS poisoning attacks against the target device.

Additional Security Info:
DNS poisoning, also referred to as DNS spoofing, is the technique of corrupting a DNS resolver cache, which provides clients with the IP address associated with a domain name, with the goal of redirecting users to malicious websites. Successful exploitation of the bug could allow an adversary to carry out Man-in-the-Middle (MitM) attacks and corrupt the DNS cache, effectively rerouting internet traffic to a server under their control.

Closing:
The vulnerability could be trivially exploited in a reliable manner should the operating system be configured to use a fixed or predictable source port. The attacker could then steal or manipulate information transmitted by users, and perform other attacks against those devices to completely compromise them.
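
Audit example:
The following check is an added example, not code from the researchers or from uClibc. It audits DNS queries captured from one device for the two conditions described above: predictable transaction IDs and a fixed source port. It assumes "predictable" means a constant step between consecutive IDs; the function names and sample captures are constructed for illustration.

```python
import struct
from collections import Counter

def build_query(txid, name="example.test"):
    """Build a minimal DNS A query; used only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def dns_txid(payload):
    """Transaction ID = first two bytes of the 12-byte DNS header."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    return struct.unpack("!H", payload[:2])[0]

def audit(queries, threshold=0.8):
    """queries: ordered (source_port, dns_payload) pairs seen from one device."""
    if len(queries) < 3:
        raise ValueError("need at least 3 queries to judge a pattern")
    ids = [dns_txid(p) for _, p in queries]
    # Assumption: "predictable" is modelled as one step (mod 2**16)
    # dominating the differences between consecutive IDs.
    deltas = Counter((b - a) % 0x10000 for a, b in zip(ids, ids[1:]))
    step, count = deltas.most_common(1)[0]
    predictable = count / (len(ids) - 1) >= threshold
    fixed_port = len({port for port, _ in queries}) == 1
    return {
        "predictable_txid": predictable,
        "dominant_step": step if predictable else None,
        "fixed_source_port": fixed_port,
        "high_risk": predictable and fixed_port,
    }

# Constructed sample captures (not real traffic).
SEQUENTIAL = [(32768, build_query((0xFFFD + i) % 0x10000)) for i in range(6)]
RANDOMISED = [(p, build_query(t)) for p, t in [
    (41022, 0x1A2B), (53110, 0x9C01), (38877, 0x33F0),
    (60214, 0xE410), (45001, 0x0007), (49633, 0x7B5D)]]

if __name__ == "__main__":
    print("sequential:", audit(SEQUENTIAL))
    print("randomised:", audit(RANDOMISED))
```

A device flagged as high risk here leaves an off-path attacker with almost nothing to guess, which is why randomising both the transaction ID and the source port matters.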

Reference link for the full story:
Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices

This information is brought to you by Vectech Solutions, The Gold Standard in Cybersecurity
