According to a report from security software vendor Armis, 496 million Internet of Things devices are vulnerable to cyberattacks. “New devices make old security exposures new again,” according to Michael Parker, Armis VP of marketing (I think that's bologna). There have not been any documented attacks on IoT devices using this exploit yet, thankfully.
The potential exploit is DNS rebinding, which was first made known in 2008 at a RSA conference. Ten years later, this exploit still rears its ugly head! “If companies with such high profiles are failing to prevent against DNS rebinding attacks, there much be countless other vendors that are as well,” according to Dorsey, an independent researcher who published the security exploit in June. His findings were focused on the vulnerabilities in home IoT devices, like Sonos Wi-Fi Speakers, routers, and Google Home (Armis' report focuses on business vulnerabilities).
“Armis said it did not notify manufacturers because the DNS rebinding vulnerability for consumer IoT devices was disclosed in June and because of the large number of manufacturers impacted," according to a CRN article on this.
If you have an IoT device in your home or business, I suggest changing your passwords and using a local network other than 192.168.1.1/24. These steps should protect your devices from DNS rebinding. I can’t believe they are still creating devices that are vulnerable to an exploit that’s been known for a decade!
Back to original news post