A new vulnerability could endanger millions of connected devices, according to a group of researchers. Although the problem was reported in September 2021, it has not been until this moment when the true potential has been discovered of the cyber attack that manages to take advantage of this hole.

A multitude of IoT (Internet of Things) devices would be in danger with a vulnerability that affects the DNS implementation of two very popular libraries written in C: uClibc and uClibc-ng. These libraries are commonly used to develop embedded Linux systems.

A security flaw that would affect millions of users with IoT devices

Many of the mentioned libraries are used by companies such as Linksys, Netgear, or Axis, among others. these companies offer a large number of solutions within the sector of connected devices. If affected, it could pose a serious risk to millions of products.



Image: Nozomi Networks

Giannis Tsaraias and Andrea Palanca, from the firm Nozomi Networks, confirmed the seriousness of the situation through a recent statement:

The issue is caused by the predictability of the transaction IDs included in the DNS requests generated by the library, which can allow attackers to perform ‘DNS poisoning’ attacks against the target device.

DNS cache poisoning, or simply DNS poisoning, is a technique used by cybercriminals that consists of enter false information in the DNS cache so that queries return incorrect answers, thereby redirecting users to malicious websites.

If someone takes advantage of this dangerous security flaw, they could use man-in-the-middle attacks to corrupt the DNS and create chaos on the server to get it out of control. These attacks consist of intercepting the communication between two points to collect and modify the information at will.

This attack could pose a risk, since any criminal who knows how to take advantage of the security flaw could steal or manipulate the information easily.

vulnerability still not corrected, but according to Nozomi Networks, they are working with those responsible for the libraries to solve it. They also state that the problem affects a large number of IoT devices, and all those that they have been able to test on their latest firmware version were compromised.