Categories: Cyber Security

New Smart Devices Still Vulnerable to Age-Old DNS Rebinding Attack

As technology becomes more advanced, so do cyber security attacks. It seems hackers are always coming up with new, sneakier ways to infiltrate networks and steal information. But some attacks have stood the test of time—and one of these is a trick called DNS rebinding.

Hackers have been using this devious tactic since 2007—practically ancient history in tech-time—but it’s recently resurfaced. Earlier this year, a number of big-brand smart devices were listed as especially vulnerable to this type of attack—Google Home, Roku, and Chromecast among them.

Unfortunately, millions of smart devices could still be at risk of a DNS rebinding attack—and your devices could be among them. Here’s what you need to know to avoid falling victim to this decade-old threat.

What is a DNS rebinding attack?

In a DNS rebinding attack, an attacker first creates a malicious web page or posts a malicious ad on a legitimate page. Anyone who visits that page will be exposed to a script that infiltrates their device’s firewall and gains control of their router.

From there, the attacker can communicate directly with smart devices connected to the router—which might include printers, switches, media streaming players, wireless speakers, IP cameras and phones, and smart TVs. The owner might never know their device is compromised—until something goes horribly wrong.

Who is affected by these attacks?

Just because a smart device is new doesn’t mean it’s safe from this old trick. Vulnerable products include smart devices from Apple, Google, Sonos, Roku, Dell, GoPro, Sony, Samsung, and many more. That equates to about 496 million devices at risk.

A DNS rebinding attack is bad enough for an individual, but for a business, it can be devastating. An attacker who accesses a business’ printer, for example, can steal information by downloading documents that have been scanned, cached, or stored on the printer.

Through DNS rebinding attacks, hackers can read and modify data, gain account privileges, and execute unauthorized commands—wreaking havoc with just a few clicks.

How can you prevent a DNS rebinding attack?

Like most cyber security attacks, some of the best prevention methods for DNS rebinding involve changing passwords regularly, disabling services that aren’t needed (like UPnP), and keeping your security software updated. Make sure your passwords and usernames aren’t simply the default ones that came with your device—“password” is not a strong password—and check that they’re unique across all devices and apps.

Since DNS rebinding attacks access the victim’s network through JavaScript, installing the NoScript plugin for JavaScript is another means of protection. You can also change the settings on your router’s admin console to disable access from an external network.

A cyber attack can cause significant damage to your business or personal life, and that’s damage that could end up costing you a great deal of time and money. If you want to tighten your company’s cyber security, eMazzanti can help. We offer robust solutions to help protect your sensitive data and keep your organization safe from both emerging and tried-and-tested cyber attacks, including DNS rebinding. Contact us for more information.

Bryan Antepara

Bryan Antepara: IT Specialist Bryan Antepara is a leader in Cloud engagements with a demonstrated history of digital transformation of business processes with the user of Microsoft Technologies powered by the team of eMazzanti Technologies engineers. Bryan has a strong experience working with Office 365 cloud solutions, Business Process, Internet Information Services (IIS), Microsoft Office Suite, Exchange Online, SharePoint Online, and Customer Service. He has the ability to handle the complexity of moving data in and out of containers and cloud sessions, makes him the perfect candidate to help organizations large and small migrate to new and more efficient platforms.  Bryan is a graduate of the University of South Florida and is Microsoft Certification holder.

Recent Posts

Implementing Anti-Spoofing Rules for Email Protection

Increasingly, email communication is playing a pivotal role in business operations, facilitating collaboration, customer engagement,…

11 hours ago

The Comprehensive Benefits of MSP Management for Servers, Exchange, O365, VPN, and Networks

As the digital landscape evolves, businesses of all sizes face the challenge of managing complex…

12 hours ago

Cost-Benefit Analysis of On-Premises Network/Server Infrastructure vs. Azure-Based Cloud Infrastructure

In the evolving landscape of information technology, businesses constantly seek the most efficient and cost-effective…

12 hours ago

The Importance of Rigorous Security Protocols: MFA, VPN, Password Strength, and MSP Management

In an increasingly digital and interconnected world, the importance of robust security protocols cannot be…

12 hours ago

Robust Cybersecurity is Vital for Small to Medium-Sized Businesses

In today’s digital age, cybersecurity is no longer a luxury or a concern solely for…

14 hours ago

Understanding Your Printer

Printers are essential tools in both personal and professional settings, yet many people are unaware…

1 day ago