• For Enquiry
  • 847-868-9253
  • 847-868-9208
  • Home
  • Why Choose CIO Landing?
    • Our Team
    • Success Stories
    • ‘8 Things’ We Do Better
    • Partners & Certifications
    • Our Services
  • Industry Expertise
    • Manufacturing
    • Medical
    • Education
    • Financial Services
    • Non-Profit
    • Law Firms
  • IT Solutions
    • Co-Managed Service
    • Managed IT Services
    • IT Support
      • On Demand Services
      • Office Moves & Wiring
      • Security
    • Server Management
    • Backup & Disaster Recovery
    • Cloud Services
    • CIO & IT Consulting
    • Cybersecurity Services
    • VoIP
    • Managed Firewall
    • Microsoft 365
      • Microsoft 365 Plans
        • Small Business
        • Enterprise
        • Education
    • Hardware & Software Sales
    • Email & Spam Protection
  • Resources
    • Free Copy Of New Book
    • Blog
    • Newsletter
    • Video Tips
      • Video Tips Archive
    • Free Cloud Report
    • IT Buyers Guide
    • Cybersecurity Crisis Report
    • Network Audit
    • COVID 19 Resources
    • In The NEWS
    • Online Training
  • About Us
    • Our Mission
    • Leadership
    • Teams
    • Referral Program
    • Press Releases
      • CIO Landing: More Than Just an IT
      • Small businesses can have an IT department too
      • CIO Landing, Inc. has joined forces with Banc Certified Merchant Services (BCMS).
    • Affiliations
    • Careers
      • Job Descriptions
    • FAQs
    • Causes We Support
    • Privacy Policy
    • Terms & Conditions
  • Locations
    • Northfield, IL
    • Northbrook, IL
    • Chicago, IL
    • Miami, FL
  • Support
✕
Users Without Internet Explorer Updates Are Vulnerable To Malware
May 20, 2022
Microsoft Edge Browser To Get Free Limited VPN
May 23, 2022

Many IOT Devices At Risk Due To DNS Vulnerability

May 21, 2022

How many “smart” devices do you have connected to your home or company network?  It’s probably a higher number than you originally estimated.  However large that number is, it pays to be aware that IoT devices are some of the least secure devices available on the market today, which makes them the weakest link in terms of hackers successfully attacking your network.

In fact, there are millions of IoT devices that are vulnerable to a critical security flaw residing in the DNS component of a C Standard library that all sorts of firmware developers make use of.  That means that right now, there are literally millions of ticking time bombs out there and one or more of them could be connected to your network.

There are two libraries to be aware of here:  uClibc and its fork, developed by the OpenWRT team.  You’ll find major companies like Linksys, Axis, and Netgear making use of both on a regular basis, and you’ll even find it in some Linux distributions.

Unfortunately, at the time this article was written, there are no fixes available from the developer which leaves the products of more than 200 different vendors at risk.

Essentially, the flaw relies on a predictable transaction ID for DNS lookup requests.  It is that predictability that creates the vulnerability and allows a clever hacker to “trick” a vulnerable device into pointing to an arbitrarily defined end point specified by the hacker, which would have the effect of rerouting your network traffic to a server under the control of the hackers.

As you can imagine, that would cause no end of trouble for you and your company. That is because the hackers would then have perfect visibility into everything you do on your network and would be able to inject any sort of malware into any system on your network.

There’s no simple solution here except to disconnect any vulnerable IoT devices from your network and contact the developers who maintain the library and demand immediate action.  A fix is currently in the works, but adding your voice to the rapidly growing chorus can’t hurt.

Share
34
taylor
taylor

Related posts

March 10, 2025

The Hidden Threat: How Gift Card Scams Are Targeting Businesses Like Yours

Read more
February 11, 2025

CIO Landing Named to CRN’s MSP 500 List for 2025—For the Third Year in a Row!

Read more
December 4, 2024

Unlocking the Power of Windows 11: Tips for Maximum Productivity

Read more
© 2025 All Rights Reserved | Powered by CIO Landing