DNS rebinding is a cyberattack method that allows a remote hacker to bypass the targeted device’s network firewall.
According to a report by security research firm Armis, nearly half a billion IoT devices used by enterprises are sitting exposed to cyberattacks via DNS rebinding. DNS rebinding is an attack method that, allows a remote hacker to bypass the targeted device’s network firewall and hijack their web browser to directly communicate with devices on the local network and exploit any security vulnerabilities they may have. All it takes is getting the browser to access a malicious website or ad.
Google discussed DNS rebinding earlier this year, revealing that it can be used to exploit critical security flaws in several BitTorrent applications and clients, and recently it was revealed that DNS rebinding could be used to exploit vulnerabilities in Roku TVs, smart thermostats, routers, Sonos speakers and Google Chromcast and Home devices.
Armis has estimated that approximately 496 million enterprise devices are vulnerable to DNS rebinding. That breaks down to 165 million printers, 160 million IP cameras, 124 million IP phones, 28 million smart TVs, 14 million switches and routers, and 5 million media players
“Because of the widespread use of the types of devices listed above within enterprises, Armis can say that nearly all enterprises are susceptible to DNS rebinding attacks,” Armis said. “Unfortunately, printers are one of the least managed, most poorly configured devices in the enterprise. Aside from adjusting basic network configurations, enterprises typically deploy printers with default settings, making them an ideal target for a DNS rebinding attack.”
Armis says the best way for companies to protect themselves is to perform a risk analysis, disable unnecessary services, and make sure all devices are running up to date firmware and any security patches issued to them.