Recent IoT Device Attacks Have Alarming Scaling Potential

More than 100 million internet of things (IoT) devices are carrying critical domain name system (DNS) vulnerabilities. These nine flaws are present in four widely used Transmission Control Protocol/Internet Protocol (TCP/IP) stacks and could give malicious actors access to sensitive data through remote code execution and other common attack methods. The potential consequences of built-in security weaknesses in such ubiquitous IoT devices are serious for any user, but especially for businesses that rely on the technology for essential day-to-day operations or for storing sensitive data. The uncertainty is likely to send IT service organizations scrambling to respond.

Forescout Research Labs and JSOF have released an assessment of the situation, noting that the spread of IoT adoption across consumer, enterprise, and industrial sectors makes the flaws especially alarming. The same code running on systems with such different levels of authorization and administrative power creates a broad attack surface. An IoT exploit, however, reaches beyond the network-connected physical devices usually associated with the term. The newest batch of DNS flaws was found in FreeBSD, IPnet, Nucleus NET, and NetX, all fairly widespread TCP/IP stacks. While most of these are mainstays of IoT and OT firmware, FreeBSD runs on millions of networks and high-end servers, which makes a fix hard to scale.

The decentralized nature of DNS makes it an attractive path for attackers. Rather than simply cataloguing assets by character-string names, the DNS protocol takes a device's request and resolves the requested name to the target IP address. DNS implementations have had a rough time of late; even before the current batch, dubbed NAME:WRECK, DNS vulnerabilities were making headlines. Wormable flaws were discovered in Windows DNS servers, and popular applications such as WhatsApp and the Google Play Store also suffered attacks facilitated by DNS manipulation. In March, Europol issued a blanket warning for remote-work and healthcare servers, the two sectors that have borne the brunt of DNS attacks.

Research Manager Daniel dos Santos of Forescout said, “When we look at internal data, sometimes medical devices are being used in the same network as personal devices and workstations. Some entities are mixing criticalities of devices or data. And one device in the chain of vulnerabilities can be used by attackers as a stepping stone or entry point into the network. It’s important to make sure attackers cannot reach [critical devices] for their final goal.” In healthcare, the Nucleus RTOS stack is said to run on more than 1,500 devices, the largest subset of affected platforms at around 43%. Another 16% of devices in the sector, an estimated 37,000, run FreeBSD, and devices running ThreadX RTOS make up a further 17% of the affected population.

Though it may be a hard pill to swallow for those who value the convenience of relying on IoT, IT service managers running a postmortem might suggest a temporary freeze on the technology. That would speed up network segmentation, which holds off attackers in the short term while longer-term plans for safely rebuilding DNS infrastructure are worked out.