Cyber-Security-Lock-Pixabay

Security researchers have found a Domain Name System (DNS) vulnerability in uClibc and Uclibc-ng, two commonly used standard C libraries. According to a report, the bug has not been patched and could allow attackers to initiate DNS attacks on IoT devices.

Considering the library is very popular, millions of IoT devices and routers could be at risk. Nozomi Networks Labs found the vulnerability in the C standard libraries and say it directly affects how DNS runs on the libraries. It is worth noting the team says the bug affects all versions of uClibc and uClibc-ng.

“The flaw is caused by the predictability of transaction IDs included in the DNS requests generated by the library, which may allow attackers to perform DNS poisoning attacks against the target device,” Giannis Tsaraias and Andrea Palanca from the research team said in a blog post.

Advertisement

DNS poisoning is also known as DNS spoofing and involves the threat actor tricking the DNS client into allowing fake responses. Any affected program can then carry out its network communications through an attacker-controlled endpoint and not a legitimate one.

Widespread Issue

Such is the ubiquity of uClibc, the problem affects millions of devices making it both a dangerous and widespread bug. Among the major IoT or router vendors who are in the firing line of attacks include Netgear, Linksys, and several Linux distros.

If the DNS poisoning attack is successful, the attack can then initiate a man-in-the-middle attack. This works by re-routing network communications to a server under their control.

“The attacker could then steal and/or manipulate information transmitted by users, and perform other attacks against those devices to completely compromise them,” the team cautions. “The main issue here is how DNS poisoning attacks can force an authenticated response.”

Nozomi Networks is not naming the specific devices that are affected by the vulnerability because the flaw does not have a patch. For now, mitigation against attack involves network admins increasing visibility for security and operations to be more mindful of potential attacks.

Of course, it is hoped a patch will arrive soon.

Tip of the day: Windows lets you use Cortana to translate sentences, words, or phrases, with the results read back to you automatically. This makes it particularly useful for group scenarios, but you can also type if you’re unsure about pronunciation. Cortana translation sports an impressive 40 languages and utilizes machine learning to provide natural results in many cases. Check our full guide to learn how to use Cortana for quick translations.

Advertisement