Half a billion IoT devices vulnerable to 10-year-old DNS rebinding attacks

• 165 million printers, 28.1 million smart TVs, 14 million switches, routers and access points are impacted by this ancient attack technique.
• Around 5.1 million streaming media players and smart speakers were also found to be impacted by this vulnerability.

A new report published by Internet of Things (IoT) security software provider Armis has revealed that nearly a half-billion IoT devices (nearly 496 million) are vulnerable to DNS rebinding attacks - a 10-year old attack technique. Since these vulnerable IoT devices are used in businesses across the world, nearly every enterprise could be potentially vulnerable to DNS rebinding attacks.

According to Armis, the issue impacts IoT and other unmanaged, connected devices including smart TVs, printer, digital assistants, IP phones and more. In other words, corporations across the globe are potentially vulnerable to data exfiltration. Their vulnerable IoT devices could be hijacked by cybercriminals to conduct another Mirai-like attack.

Impact much worse than previously assumed

In June, a group of university researchers and independent researcher Brannon Dorsey discovered that millions of IoT devices were vulnerable to attacks.The researchers had focused on the impact of DNS rebinding on home IoT devices such as Google Home, Sonos Wi-Fi Speakers as well as Wi-Fi routers.

However, Armis said that the impact is far greater previously expected.

Armis identified 165 million printers, 160 million IP cameras, 124 million IP phones, 28.1 million smart TVs, 14 million switches, routers and access points vulnerable to this attack vector. Around 5.1 million streaming media players and smart speakers were also found to be impacted by this vulnerability.

“An example of a vulnerable device is one that is running an unauthenticated protocol like Universal Plug and Play (UPnP) or HTTP (used on unencrypted web servers),” Armis said in its report. “These protocols are commonly used to host administrative consoles (for routers, printers, IP cameras) or to allow easy access to the device’s services (for example, streaming video players), and are pervasive in businesses.”

Although the massive number of IoT devices currently vulnerable to DNS rebinding attacks is cause for alarm, there are a few options that organizations can implement to mitigate the impact of the DNS rebinding exploit. The fastest and easiest solution is to monitor all vulnerable devices for any sign of breaches. In addition, corporations are also advised to incorporate best practices such as performing a risk analysis of each of the IoT devices, creating inventory of all such devices in the workplaces, and updating devices if patches are available.