Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk


Researchers discovered that an unpatched DNS issue in a popular standard C library can allow attackers to mount DNS poisoning attacks against millions of IoT devices and routers, potentially allowing them to seize control of them.

According to Nozomi’s Giannis Tsaraias and Andrea Palanca, the weakness is caused by the predictability of transaction IDs included in DNS queries created by the library, which could allow attackers to undertake DNS poisoning attacks against the target device. Read More…