Printers, IP phones and IP cameras among devices vulnerable to attack

 

A 10-year-old security flaw has left nearly a half-billion Internet of Things devices vulnerable to cyberattacks at businesses worldwide.

The web exploit causing all of the trouble is called DNS rebinding.  It’s an attack first disclosed at the RSA Conference in 2008.

It’s a common misconception that IoT and unmanaged devices are safe because they sit behind a firewall. That is not the case with DNS rebinding. DNS rebinding manipulates the trust model between browsers and the outside world. This allows a remote attack to compromise IoT devices as if the attacker were actually on the internal network.

The hacker can gain access to the web browser through a malicious link enclosed within an email, banner ad or other source. This then can leave devices susceptible to data exfiltration, compromise and even hijacking.

It’s been reported by Armis (https://www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/) that the impacted devices include 87 percent of switches, routers and access points; 78 percent of streaming media players and speakers; 77 percent of IP phones; 75 percent of IP cameras; 66 percent of printers; and 57 percent of smart TVs. Armis has also stated that there is a possibility that even more devices could be impacted beyond the ones they tested.

To sum it all up, if you have a switch, router, computer, IP phone, IP camera, printer, smart TV, smart refrigerator, etc., your devices could be at risk.

If you’re concerned about the security of your devices, give us a call here at RHYNO Networks. (855) 749-6648