Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk
A flaw in all versions of the popular C standard libraries uClibe and uClibe-ng can allow for DNS poisoning attacks against target devices.
IoT systems connect sensors and control networks, so device identity, secure updates, data protection, and reliable operation support safety and availability.
Search across headline titles and summaries.
Background for this topic.
Internet of Things (IoT) comprises physical devices—such as sensors, cameras, appliances, vehicles, medical equipment, and industrial controllers—that collect data, perform actions, and communicate with other devices or cloud services. Its distinctive assets include telemetry, control functions, device identities, and sometimes sensitive location, health, or operational data. Availability and integrity can be safety- or production-critical, while many devices have limited processing capacity, long service lives, and constrained maintenance access.
Security depends on the complete device lifecycle: maintain an accurate inventory, replace default credentials with unique authentication, verify firmware and provide signed, supportable updates, and restrict management interfaces through network segmentation. Exposed services, insecure update mechanisms, weak device-to-cloud APIs, physical access, and third-party components can enable unauthorized monitoring or control, compromise other systems, or conscript devices into attacks. Privacy protections should limit collection and access to telemetry, and monitoring should support detection and safe isolation without disrupting essential operations.
A flaw in all versions of the popular C standard libraries uClibe and uClibe-ng can allow for DNS poisoning attacks against target devices.
The Internet of Things needs to be part of the overall corporate information security policy to prevent adversaries from using these devices as an entry point.
The security vulnerability puts wide swaths of industrial networks and IoT devices at risk of compromise, researchers warn.
A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk. [...]
Cybersecurity researchers have disclosed an unpatched security vulnerability that could pose a serious risk to IoT products