Categories: Cyber Security

New Smart Devices Still Vulnerable to Age-Old DNS Rebinding Attack

As technology becomes more advanced, so do cyber security attacks. It seems hackers are always coming up with new, sneakier ways to infiltrate networks and steal information. But some attacks have stood the test of time—and one of these is a trick called DNS rebinding.

Hackers have been using this devious tactic since 2007—practically ancient history in tech-time—but it’s recently resurfaced. Earlier this year, a number of big-brand smart devices were listed as especially vulnerable to this type of attack—Google Home, Roku, and Chromecast among them.

Unfortunately, millions of smart devices could still be at risk of a DNS rebinding attack—and your devices could be among them. Here’s what you need to know to avoid falling victim to this decade-old threat.

What is a DNS rebinding attack?

In a DNS rebinding attack, an attacker first creates a malicious web page or posts a malicious ad on a legitimate page. Anyone who visits that page will be exposed to a script that infiltrates their device’s firewall and gains control of their router.

From there, the attacker can communicate directly with smart devices connected to the router—which might include printers, switches, media streaming players, wireless speakers, IP cameras and phones, and smart TVs. The owner might never know their device is compromised—until something goes horribly wrong.

Who is affected by these attacks?

Just because a smart device is new doesn’t mean it’s safe from this old trick. Vulnerable products include smart devices from Apple, Google, Sonos, Roku, Dell, GoPro, Sony, Samsung, and many more. That equates to about 496 million devices at risk.

A DNS rebinding attack is bad enough for an individual, but for a business, it can be devastating. An attacker who accesses a business’ printer, for example, can steal information by downloading documents that have been scanned, cached, or stored on the printer.

Through DNS rebinding attacks, hackers can read and modify data, gain account privileges, and execute unauthorized commands—wreaking havoc with just a few clicks.

How can you prevent a DNS rebinding attack?

Like most cyber security attacks, some of the best prevention methods for DNS rebinding involve changing passwords regularly, disabling services that aren’t needed (like UPnP), and keeping your security software updated. Make sure your passwords and usernames aren’t simply the default ones that came with your device—“password” is not a strong password—and check that they’re unique across all devices and apps.

Since DNS rebinding attacks access the victim’s network through JavaScript, installing the NoScript plugin for JavaScript is another means of protection. You can also change the settings on your router’s admin console to disable access from an external network.

A cyber attack can cause significant damage to your business or personal life, and that’s damage that could end up costing you a great deal of time and money. If you want to tighten your company’s cyber security, eMazzanti can help. We offer robust solutions to help protect your sensitive data and keep your organization safe from both emerging and tried-and-tested cyber attacks, including DNS rebinding. Contact us for more information.

Bryan Antepara

Bryan Antepara: IT Specialist Bryan Antepara is a leader in Cloud engagements with a demonstrated history of digital transformation of business processes with the user of Microsoft Technologies powered by the team of eMazzanti Technologies engineers. Bryan has a strong experience working with Office 365 cloud solutions, Business Process, Internet Information Services (IIS), Microsoft Office Suite, Exchange Online, SharePoint Online, and Customer Service. He has the ability to handle the complexity of moving data in and out of containers and cloud sessions, makes him the perfect candidate to help organizations large and small migrate to new and more efficient platforms.  Bryan is a graduate of the University of South Florida and is Microsoft Certification holder.

Recent Posts

Protecting Municipal Data: Security Tips for City Officials

The FBI reported that cyber attacks against government facilities saw an increase of almost 36…

19 hours ago

The Advantages of Collaborating with a Managed Services Provider

In today’s fast-paced, technologically advanced world, businesses of all sizes increasingly rely on digital systems…

23 hours ago

Technology Buzzwords: Demystifying the Jargon of the Digital Age

You likely hear terms like "blockchain," "machine learning," and "cloud computing" without considering their real…

1 day ago

Top 5 Collaborative Tools in Microsoft 365 Drive Productivity and Innovation

In today’s fast-paced digital landscape, businesses cannot thrive without effective collaboration. Microsoft continues its unwavering…

1 week ago

7 Essential Contact Information Tips for Email Signatures to Enhance Your Professional Image

An email signature accomplishes much more than simply telling readers who you are and how…

2 weeks ago

Maximizing Threat Response Efficiency with Security Copilot

Cyber security professionals work hard to safeguard companies’ information. But with criminals constantly changing their…

3 weeks ago