Unpatched DNS Bug Endangers Millions of Routers and IoT Devices

10
Unpatched DNS Bug Endangers Millions of Routers and IoT Devices

A loophole in all versions of the popular C standard libraries uClibe and uClibe-ng is allowing for DNS poisoning attacks against target devices.

Researchers discovered that an unpatched Domain Name System (DNS) issue in a popular standard C library can be used to launch DNS poisoning attacks against millions of IoT devices and routers, potentially allowing attackers to seize control of them.

Researchers from Nozomi Networks Labs uncovered a problem impacting the implementation of DNS in all versions of uClibc and uClibc-ng, prominent C standard libraries used in a wide range of IoT products, according to a blog post published this week. In the meanwhile, Nozomi Networks advises network managers in both IT and operational technology contexts to improve network visibility and security.

Read More: https://threatpost.com/dns-bug-millions-routers-iot-risk/179478/