HALF A BILLION Internet of Things (IoT) enterprise devices are susceptible to DNS “rebinding attacks” that give remote attackers a way to get around firewalls and gain access to vulnerable devices on a local network.
That’s according to security outfit Armis, which states in a fresh report that enterprises are even more exposed than consumers thanks to devices that are used in the workplace such as IP phones, printers, networking equipment, and cameras.
These devices apparently put enterprises at risk from attacks, data exfiltration, and takeover from a Mirai-like worm attack.
“DNS rebinding takes advantage of a nearly decade-old flaw in web browsers that allows a remote attacker to bypass a victim’s network firewall and use their web browser as a proxy to communicate directly with vulnerable devices on the local network,” Armis explained in a blog post revealing its new findings.
An example of a vulnerable device is one that is running an unauthenticated protocol like Universal Plug and Play (UPnP) or HTTP, used on unencrypted web servers. These protocols are commonly used to host administrative consoles for routers, printers, IP cameras, or to allow easy access to the device’s services, and are pervasive in businesses, the report states.
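One defensive check for the behaviour described above, as an added example that is not from Armis or the original article: it scans resolver log records for an external hostname that answers with a public address and then, for the same client, with an internal one. The record layout, the `INTERNAL_SUFFIXES` allowlist and the 600-second window are assumptions, and the sample records are constructed.

```python
import ipaddress

# Constructed resolver log records: (epoch seconds, client, queried name, answer).
SAMPLE_LOG = [
    (1000, "10.0.5.21", "cdn.example.net", "192.0.2.10"),
    (1005, "10.0.5.21", "a1b2.rebind.example", "203.0.113.7"),
    (1012, "10.0.5.21", "a1b2.rebind.example", "192.168.1.1"),   # flips to the LAN
    (1020, "10.0.5.30", "printer.corp.example", "10.0.9.40"),    # legitimate internal zone
    (1030, "10.0.5.44", "x9.rebind.example", "198.51.100.9"),
    (5000, "10.0.5.44", "x9.rebind.example", "127.0.0.1"),       # outside the window
]

INTERNAL_SUFFIXES = (".corp.example",)  # assumption: zones allowed to hold internal IPs
WINDOW_SECONDS = 600                    # assumption: max gap between the two answers

# Explicit ranges: RFC 1918, loopback, link-local, and their IPv6 counterparts.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def is_internal(addr):
    """True if addr falls in a range that should never come from an external name."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_rebinds(records):
    """Return (client, name, public_ip, internal_ip) for names that flip public -> internal."""
    last_public = {}  # (client, name) -> (timestamp, ip) of the latest public answer
    alerts = []
    for ts, client, name, answer in sorted(records):
        name = name.rstrip(".").lower()
        if name.endswith(INTERNAL_SUFFIXES):
            continue  # internal zones are expected to return internal addresses
        key = (client, name)
        if not is_internal(answer):
            last_public[key] = (ts, answer)
        elif key in last_public and ts - last_public[key][0] <= WINDOW_SECONDS:
            alerts.append((client, name, last_public[key][1], answer))
    return alerts


if __name__ == "__main__":
    for alert in find_rebinds(SAMPLE_LOG):
        print("possible DNS rebinding:", alert)
```
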
“The majority of manufacturers who make commonly used IoT devices within enterprise environments ship devices that are vulnerable to a DNS rebinding attack,” Armis said.
“Using data from Armis’ Device Knowledgebase, which includes over five million device behaviour profiles, our researchers identified the devices, manufacturers, and the estimated number of vulnerable devices worldwide in the enterprise, nearly half a billion devices – 496 million by our count.”
Because of the widespread use of these types of devices within enterprises, Armis said that nearly all are susceptible to DNS rebinding attacks.
For example, Cisco Systems recently issued software updates to tackle a high-risk vulnerability in several VoIP phone models. This vulnerability allowed a remote attacker to perform a command injection and execute commands with the privileges of the web server. And this is the type of scenario that can happen thanks to a DNS rebinding attack.
IP security cameras were also found to be among the most at risk as 10 vulnerabilities were published in Axis cameras and Foscam cameras.
“Printers were also identified in our research. Unfortunately, printers are one of the least managed, most poorly configured devices in the enterprise. Aside from adjusting basic network configurations, enterprises typically deploy printers with default settings, making them an ideal target for a DNS rebinding attack,” Armis added.
Source: Inquirer