DNS rebinding is a cyberattack method that allows a remote hacker to bypass the targeted device’s network firewall.
This attack method allows remote hackers to bypass targeted device network firewalls and hijack web browsers to communicate directly with devices on the local network and exploit security vulnerabilities. It just requires a user’s browser to access a malicious website or ad.
Google discussed DNS rebinding earlier this year. Cyberattackers can use this tecnique to exploit critical security flaws in BitTorrent applications and clients and exploit vulnerabilities in:
- Roku TVs
- Smart thermostats
- Sonos speakers
- Google Chromecast and Home devices.
Armis estimates that DMS rebinding could affect approximately 496 million enterprise devices:
- 165 million printers
- 160 million IP cameras
- 124 million IP phones
- 28 million smart TVs
- 14 million switches and routers
- 5 million media players
“Because of the widespread use of the types of devices listed above within enterprises, Armis can say that nearly all enterprises are susceptible to DNS rebinding attacks,” Armis said. “Unfortunately, printers are one of the least managed, most poorly configured devices in the enterprise. Aside from adjusting basic network configurations, enterprises typically deploy printers with default settings, making them an ideal target for a DNS rebinding attack.”
Armis recommends that companies protect themselves by:
- Conducting risk analyses
- Disabling unnecessary services
- Running updated firmware and security patches on devices