Sign In

Communications of the ACM

ACM TechNews

Millions of Devices at Risk From NAME:WRECK DNS Bugs

View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A representation of data security.

More than 100 million connected Internet of things devices are thought to be at risk from nine newly disclosed DNS vulnerabilities.

Credit: AdobeStock

Researchers at cybersecurity provider Forescout Research Labs and Israeli cybersecurity consultancy JSOF discovered nine new Domain Name System (DNS) vulnerabilities that could imperil more than 100 million connected Internet of Things (IoT) devices, at least a third of them located in the U.K.

Collectively designated NAME:WRECK, the bugs affect four popular Transmission Control Protocol/Internet Protocol (TCP/IP) stacks: FreeBSD, IPnet, Nucleus NET, and NetX.

Malefactors who exploit the vulnerabilities in a denial of service or remote code execution attack could disrupt or hijack targeted networks.

Forescout's Daniel dos Santos said, "Complete protection against NAME:WRECK requires patching devices running the vulnerable versions of the IP stacks, and so we encourage all organizations to make sure they have the most up-to-date patches for any devices running across these affected IP stacks."

From Computer Weekly


No entries found