Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk
A flaw in all versions of the popular C standard libraries uClibe and uClibe-ng can allow for DNS poisoning attacks against target devices.
Stay updated on DNS security with the latest news on threats, protection strategies, and expert insights into securing your domain systems.
Search across headline titles and summaries.
Background for this topic.
DNS is the distributed naming system that translates domain names into IP addresses and other service records. Its security matters because an attacker who compromises a registrar account, authoritative DNS server, or resolver can redirect users to an attacker-controlled service, disrupt access, or interfere with email and software updates. Forged replies and cache poisoning can produce similar redirection when validation is absent. DNS traffic can also carry command-and-control instructions or encoded data, although unusual queries require investigation rather than being treated as proof of compromise.
DNSSEC allows validating resolvers to authenticate signed DNS data, reducing spoofing and cache-poisoning risk; it does not encrypt queries or guarantee availability. Protect registrar and DNS-administration accounts with strong authentication and least privilege, restrict recursion and zone transfers, patch DNS software, and use redundant authoritative infrastructure. Monitor record changes, resolver errors, query volumes, and patterns such as long, frequently changing subdomains to support detection of hijacking, outages, or DNS tunneling.
A flaw in all versions of the popular C standard libraries uClibe and uClibe-ng can allow for DNS poisoning attacks against target devices.
The security vulnerability puts wide swaths of industrial networks and IoT devices at risk of compromise, researchers warn.
A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk. [...]
Cybersecurity researchers have disclosed an unpatched security vulnerability that could pose a serious risk to IoT products