Forescout Research Labs are raising awareness about new Domain Name System (DNS) flaws which could allow hackers to control the internet of things (IoT) devices. “NAME:WRECK” is the common moniker for these DNS implementation vulnerabilities.
The issues affect FreeBSD, Nucleus NET, IPnet, and NetX, four popular TCP/IP stacks, threatening to cause Denial of Service (DoS) or Remote Code Execution (RCE). All four stacks are common in IT networks and IoT firmware, so a security breach on any of them could impact over 100 million consumers.
Leaving these weak points unattended opens the door for apocalyptic scenarios: Government- and enterprise-server exposure would give hackers access to sensitive data, such as financial or intellectual property records. Attacks could also target critical residential and commercial building functions, including security systems. In the worst-case scenario, hackers could gain control of medical devices and prevent healthcare delivery to patients relying on IoT devices for survival.
The researchers called for urgent action to prevent potential data leaks. The research manager of Forescout Research Labs, Daniel dos Santos, says that they “encourage all organizations to make sure they have the most up-to-date patches for any devices running across these affected IP Stacks.”
Forescout offered a detailed description of these vulnerabilities and offered additional help if the patching proves to be challenging, especially if the device is not a standard IT server or IoT device.