Sign In

Communications of the ACM

ACM News

These New Vulnerabilities put Millions of IoT Devices at Risk, so Patch Now


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Mapping an individual's Internet connections.

Security researchers have discovered a set of DNS vulnerabilities affecting popular Internet of Things firmware, potentially putting over 100 million consumer, enterprise, and industrial Internet-connected devices at risk worldwide.

Credit: Shutterstock

Security vulnerabilities in millions of Internet of Things devices (IoT) could allow cyber criminals to knock devices offline or take control of them remotely, in attacks that could be exploited to gain wider access to affected networks.

The nine vulnerabilities affecting four TCP/IP stacks – communications protocols commonly used in IoT devices – relate to Domain Name System (DNS) implementations, which can lead to Denial of Service (DoS) or Remote Code Execution (RCE) by attackers. Over 100 million consumer, enterprise and industrial IoT devices are potentially affected.

Uncovered and detailed by cybersecurity researchers at Forescout and JSOF, the vulnerabilities have been dubbed Name:Wreck after the way the parsing of domain names can break DNS implementations in TCP/IP stack, leading to potential attacks.

From ZDNet
View Full Article

 


 

No entries found