21-04-2021 | By Robin Mitchell
Recently, researchers have identified several DNS-related vulnerabilities in many popular TCP/IP stacks. What is DNS, what vulnerabilities have been identified, and how many devices are affected?
The Internet is truly one of humanity’s greatest inventions, and it is simple when compared to other modern technologies such as CPUs, microcontrollers, and FPGAs. Fundamentally, the Internet is nothing more than a platform that allows any two connected devices in the world to exchange information, and the connection between the two machines can be thought of as a serial port. Bytes are sent down this connection, and it is up to the machines how to interpret those bytes.
For two computers to talk to each other, one of them needs to know where the other is located. Like houses, each internet-connected device has a unique address called an IP address, which is made up of a string of numbers.
Since devices continuously connect to and disconnect from the internet, internet service providers need to reuse old addresses; otherwise the address numbers would become too big too quickly. This is called a dynamic IP address, and every time a device reconnects to the internet, it gets a new IP address.
However, this causes problems when computers and servers host websites, because by the time everyone finds out the IP address of the computer they want to talk to, the number has probably changed. Furthermore, numbers are non-intuitive and very unfriendly to humans, and this is where the DNS comes in.
A Domain Name Server, or DNS, is a special server that holds a table of website names and their IP addresses. When a computer wants to connect to a specific website, it contacts the DNS first (whose IP does NOT change), and the DNS responds with the IP address of the website to be contacted. From there, the computer has the right IP address and continues with its connection.
Recently, researchers from Forescout have announced nine vulnerabilities that are collectively named NAME:WRECK. The vulnerabilities affect many different TCP/IP stacks used by IoT devices to communicate over the internet. A TCP/IP stack is responsible for how a device sends and receives messages, how it requests names from DNS servers, and how it handles protocols such as HTTP.
According to the researchers, the vulnerabilities in the multiple TCP/IP stacks used in different IoT devices reside in their DNS implementations, that is, in how they communicate with DNS servers. Through these vulnerabilities, it has been shown that IoT devices can fall victim to Denial of Service attacks, which essentially stall a device's internet connection, and to Remote Code Execution, which allows an attacker to inject arbitrary code for the device to execute (thereby taking full control).
Such vulnerabilities occur due to poor implementation of a standard, as opposed to the standard itself being faulty. A classic example was the Heartbleed vulnerability in OpenSSL: the developers didn’t perform boundary checks on buffers, which meant that they could be overflowed easily, thereby accessing protected areas of memory.
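As an added illustration of the boundary checks the article describes as missing, here is a DNS name decoder in C. It is not Forescout's code nor code from any of the stacks named here; the RFC 1035 label and compression-pointer format it parses, and the constructed sample message, are assumptions beyond what the article states. Every length byte, label body and pointer is checked against the message length before it is read, and pointer chains are bounded so a cycle in a malformed response is rejected instead of looped on.

```c
#include <stdint.h>
#include <string.h>

/* Decode one DNS name (RFC 1035 labels plus 0xC0 compression pointers) from a
 * DNS message, checking every read against msg_len first. Returns the dotted
 * name's length, or -1 if a label or pointer runs past the message, a pointer
 * does not go strictly backwards, a pointer chain exceeds 16 hops (a cycle),
 * or the name does not fit in out. */
int dns_name_decode(const uint8_t *msg, size_t msg_len, size_t off,
                    char *out, size_t out_len)
{
    size_t pos = off, written = 0;
    int jumps = 0;
    for (;;) {
        if (pos >= msg_len) return -1;              /* length byte in bounds? */
        uint8_t len = msg[pos];
        if ((len & 0xC0) == 0xC0) {                 /* compression pointer */
            if (pos + 1 >= msg_len) return -1;      /* second pointer byte */
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            if (target >= pos || ++jumps > 16) return -1;
            pos = target;
            continue;
        }
        if (len & 0xC0) return -1;                  /* 0x40/0x80 are reserved */
        if (len == 0) break;                        /* root label ends the name */
        if (pos + 1 + len > msg_len) return -1;     /* label body in bounds? */
        if (written + len + 1 >= out_len) return -1; /* room for '.', label, NUL */
        if (written) out[written++] = '.';
        memcpy(out + written, msg + pos + 1, len);
        written += len;
        pos += 1 + len;
    }
    out[written] = '\0';
    return (int)written;
}

/* Constructed test message (not a real capture): "www.example.com" at 0,
 * "mail"+pointer->4 at 17, a self-pointer at 24, an "abc"+pointer cycle
 * at 26, and a label that runs past the end at 32. */
static const uint8_t SAMPLE[] = {
    3,'w','w','w',7,'e','x','a','m','p','l','e',3,'c','o','m',0,
    4,'m','a','i','l',0xC0,0x04, 0xC0,0x18, 3,'a','b','c',0xC0,0x1A, 5,'a','b' };

/* Decode the name at off: -1 if rejected, -2 if it is not expect, else its length. */
int sample_name_len(size_t off, const char *expect)
{
    char name[256];
    int n = dns_name_decode(SAMPLE, sizeof SAMPLE, off, name, sizeof name);
    return n < 0 ? -1 : (strcmp(name, expect) == 0 ? n : -2);
}
```

The well-formed names at offsets 0, 17 and 22 decode normally; the self-pointer, the pointer cycle and the over-long label are each rejected with -1 instead of reading outside the message.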
According to Forescout, three major TCP/IP stacks have been identified as being affected: Nucleus NET, FreeBSD, and NetX. However, this does not mean that stacks developed by others are any safer; they may also be affected. While all three of these have now been patched, systems running older versions may still be vulnerable. Therefore, Forescout is urging engineers to check devices they have deployed in the field for these vulnerabilities.
Determining the number of devices affected is extremely difficult due to the large number of IoT devices currently connected (over 20 billion). However, Forescout made an educated guess for the least bad scenario, and the numbers are bad even then: of 10 billion devices that use the three aforementioned TCP/IP stacks, if just 1% are vulnerable, that leaves 100 million devices at risk.
This concern is further amplified when considering that government institutions heavily use systems such as FreeBSD. Data privacy could be at major risk if hackers can exploit the TCP/IP stacks and use remote code execution to gain entry to protected areas.
The world of IoT has allowed for the rapid deployment of AI and other high-end technologies, but unless such devices can be easily fixed and updated, they could make the world a vulnerable place.