Communications of the ACM
These New Vulnerabilities put Millions of IoT Devices at Risk, so Patch Now
Security researchers have discovered a set of DNS vulnerabilities affecting popular Internet of Things firmware, potentially putting over 100 million consumer, enterprise, and industrial Internet-connected devices at risk worldwide.
Credit: Shutterstock
Security vulnerabilities in millions of Internet of Things devices (IoT) could allow cyber criminals to knock devices offline or take control of them remotely, in attacks that could be exploited to gain wider access to affected networks.
The nine vulnerabilities affecting four TCP/IP stacks – communications protocols commonly used in IoT devices – relate to Domain Name System (DNS) implementations, which can lead to Denial of Service (DoS) or Remote Code Execution (RCE) by attackers. Over 100 million consumer, enterprise and industrial IoT devices are potentially affected.
Uncovered and detailed by cybersecurity researchers at Forescout and JSOF, the vulnerabilities have been dubbed Name:Wreck after the way the parsing of domain names can break DNS implementations in TCP/IP stack, leading to potential attacks.
From ZDNet
View Full Article
No entries found