
Unpatched DNS Flaw in uClibc Library Leaves Millions of IoT Devices Vulnerable

Researchers say the popular C standard library uClibc has a significant flaw that allows DNS attacks on potentially millions of devices.


Security researchers have found a Domain Name System (DNS) vulnerability in uClibc and uClibc-ng, two commonly used C standard libraries. According to a report, the bug has not been patched and could allow attackers to launch DNS attacks on IoT devices.

Because the library is so popular, millions of IoT devices and routers could be at risk. Nozomi Networks Labs found the vulnerability in the C standard libraries and says it directly affects how DNS runs on the libraries. The team notes that the bug affects all versions of uClibc and uClibc-ng.

“The flaw is caused by the predictability of transaction IDs included in the DNS requests generated by the library, which may allow attackers to perform DNS poisoning attacks against the target device,” Giannis Tsaraias and Andrea Palanca from the research team said in a blog post.

DNS poisoning, also known as DNS spoofing, involves the threat actor tricking the DNS client into accepting forged responses. Any affected program then carries out its network communications with an attacker-controlled endpoint instead of the legitimate one.

Widespread Issue

uClibc is so ubiquitous that the problem affects millions of devices, making the bug both dangerous and widespread. Those in the firing line include major IoT and router vendors such as Netgear and Linksys, as well as several Linux distros.

If the DNS poisoning attack is successful, the attacker can then carry out a man-in-the-middle attack by re-routing network communications to a server under their control.

“The attacker could then steal and/or manipulate information transmitted by users, and perform other attacks against those devices to completely compromise them,” the team cautions. “The main issue here is how DNS poisoning attacks can force an authenticated response.”

Nozomi Networks is not naming the specific devices that are affected by the vulnerability because the flaw does not have a patch. For now, mitigation involves network admins increasing visibility for security and operations, and being more mindful of potential attacks.
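One visibility check that fits this flaw is to look at the transaction IDs a device actually emits. The following is an added example, not code from Nozomi Networks or the uClibc project: it reads the 16-bit ID from captured DNS query payloads and flags a client whose IDs advance by one dominant step. The function names, thresholds and sample packets are constructed for illustration, and modelling "predictable" as a constant step between IDs is an assumption the article does not spell out.

```python
import struct
from collections import Counter

def build_query(txid: int, name: str) -> bytes:
    """Build a minimal DNS A query; used only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def query_txid(payload: bytes):
    """Return the transaction ID of a DNS query payload, or None if the
    payload is shorter than a DNS header or is a response (QR bit set)."""
    if len(payload) < 12:
        return None
    txid, flags = struct.unpack("!HH", payload[:4])
    return None if flags & 0x8000 else txid

def predictability(payloads, min_samples=8, threshold=0.8):
    """Flag a client whose successive query IDs differ by one dominant step.

    Returns (flagged, step, share): the most common delta modulo 2**16
    between consecutive IDs, and the share of all deltas it accounts for.
    The thresholds are illustrative defaults, not values from the article."""
    ids = [t for t in map(query_txid, payloads) if t is not None]
    if len(ids) < min_samples:
        return (False, None, 0.0)
    deltas = [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]
    step, count = Counter(deltas).most_common(1)[0]
    share = count / len(deltas)
    return (share >= threshold, step, share)

# Constructed sample input: one client whose IDs count upward (wrapping past
# 0xFFFF) and one whose IDs show no pattern.
SEQUENTIAL = [build_query((0xFFFA + i) & 0xFFFF, "example.com") for i in range(12)]
RANDOMISED = [build_query(t, "example.com") for t in (
    0x3A91, 0xC04F, 0x17E2, 0x9B30, 0x55D8, 0xE60C,
    0x0A47, 0x7F19, 0xB2A5, 0x48EE, 0xD373, 0x2C06)]

if __name__ == "__main__":
    print("sequential client:", predictability(SEQUENTIAL))
    print("randomised client:", predictability(RANDOMISED))
```

In practice the payloads would come from a packet capture of one device's outbound UDP port 53 traffic, grouped per source address before scoring.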

Of course, it is hoped a patch will arrive soon.


Luke Jones
