DNS rebinding is a cyberattack method that allows a remote hacker to bypass the targeted device’s network firewall.
Research firm Armis released a report that indicates nearly half a billion IoT enterprise devices are exposed to cyberattack via DNS rebinding.
This attack method allows remote hackers to bypass targeted device network firewalls and hijack web browsers to communicate directly with devices on the local network and exploit security vulnerabilities. It just requires a user’s browser to access a malicious website or ad.
Google discussed DNS rebinding earlier this year. Cyberattackers can use this tecnique to exploit critical security flaws in BitTorrent applications and clients and exploit vulnerabilities in:
- Roku TVs
- Smart thermostats
- Routers
- Sonos speakers
- Google Chromecast and Home devices.
See also: How SMBs can protect themselves from cyberattack
Armis estimates that DMS rebinding could affect approximately 496 million enterprise devices:
- 165 million printers
- 160 million IP cameras
- 124 million IP phones
- 28 million smart TVs
- 14 million switches and routers
- 5 million media players
“Because of the widespread use of the types of devices listed above within enterprises, Armis can say that nearly all enterprises are susceptible to DNS rebinding attacks,” Armis said. “Unfortunately, printers are one of the least managed, most poorly configured devices in the enterprise. Aside from adjusting basic network configurations, enterprises typically deploy printers with default settings, making them an ideal target for a DNS rebinding attack.”
Armis recommends that companies protect themselves by:
- Conducting risk analyses
- Disabling unnecessary services
- Running updated firmware and security patches on devices
