Half a Billion Devices Exposed to DNS Rebinding Attacks

A cyber-security firm by the name of Armis has warned that nearly half a billion smart devices are vulnerable to DNS rebinding. DNS rebinding is a decade old security vulnerability that attackers exploit to make a device access unintended domain by tricking the browser.

What Is DNS Rebinding

To protect a device, a web browser allows scripts loaded from a web page to only interact with pages under the same domain. So if xyz.com runs a JavaScript in your browser, it can only interact with web pages under the xyz.com domain, xyz.com/about-us for example. This behavior is known as Same-Origin Policy, or SOP for short.

But the problem is that web browsers use URLs to enforce same-origin policy, but use IPs to communicate requests. So if a malicious website changes its IP it can easily circumvent SOP, bypassing a victim’s network firewall and turning their web browser into a proxy to communicate directly with vulnerable devices on the local network. That’s it in a nutshell.

We had previously written a story where a programmer by the name of Brannon Dorsey used DNS rebinding to hack into connected devices, in which we explain in detail how the attack works. If you’re curious to read up on DNS rebinding, please check out the article here.

Vulnerabilities Galore

There have been numerous reports of DNS rebinding flaws, including flaws in Blizzard apps, uTorrent, and Google Home, Roku TV, and Sonos devices.

Following the investigation, experts are saying that nearly all types of smart devices are vulnerable to DNS rebinding – think smart TVs, routers, printers, surveillance cameras, and smart assistants. Here’s a breakdown:

DNS Rebind Devices

Armis said that enterprises are particularly vulnerable to these attacks, as almost half a billion of these devices are used in the workplace.

The research team estimated that the number of vulnerable devices worldwide in the enterprise account for nearly half a billion devices, 496 million to be exact. The breakdown is as follows:

DNS Rebinding table

Following Dorsey’s discovery, device manufacturers such as Roku and Sonos to start working on patches. But it’s hard to imagine that all device manufacturers will follow suit. Perhaps a better course of action would be to rethink how browsers and DNS servers work, but that feels equally far-fetched as well.