<div style="margin:20px 0 0 200px"> To view the site, enable JavaScript by changing your browser options, then <a href="">Try Again</a>.</div>

 

DNSpooq Security Flaws - Millions of Devices Are Exposed To Hijackers

27 Jan, 2021
DNSpooq Security Flaws - Millions of Devices Are Exposed To Hijackers

Yes, it is a time to be attentive and safeguard your devices. A serious DNS bug has been found in devices that help the black hat hackers to access people's data.

Due to this attack, millions of users are expected to be harmed. On investigation, the attacks are found to be termed as DNS (Domain Name System) cache poisoning and remote code execution attacks. Further, the systems are found with 7 security vulnerabilities in dnsmasq.

Generally, these DNS software are found in devices such as smartphones, computers, routers, servers, and other IoT devices.

Positively, the flaws were discovered by JSOF, an Israeli security company.

JSOF informed the users:
“Some of the DNSpooq vulnerabilities allow for DNS cache poisoning and one of the DNSpooq vulnerabilities could permit a potential Remote Code execution that could allow a takeover of many brands of home routers and other networking equipment, with millions of devices affected, and over a million instances directly exposed to the Internet,”

As per data, around 1.2 million servers have been exposed, and more are confirmed with high risk.

Besides, there are around 40 vendors that contain dnsmasq in their software, firmware, and products. Companies like Cisco, Comcast, Dell, Motorola, IBM, etc. are on the list.

DNSpooq, the security flaws can be categorised into 2 groups:

  • 3 DNS cache poisoning attack
  • 4 Buffer overflow flaws

The research company stated:

“The impact of DNS cache poisoning of the routing equipment DNS forwarding server can potentially lead to different kinds of fraud if users believe they are browsing to one website but are actually routed to another,”

JSOF came to know about the vulnerabilities in August 2020 and announced the news in public this month after their complete evaluation.

Solution:

This is strongly advised to everyone to install the dnsmasq update version 2.83.

The respective vendors are also aware of the security flaws and are taking specific measures to provide a safe and secure experience for their users.

What's new in the cyber industry?

Stay in touch with ISOEH (Indian School of Ethical Hacking) to get industry updates and news.

Let's fight against the cybercriminals together!

Read Other Breaking News

Read All Breaking News »

Exclusive Blog

Read All Exclusive Blog »
A few tips for the perfect homework
A few tips for the perfect homework

With world working from home, it's time to make it enjoyable and effective.

Read Details

Hacking Tools

Explore All Hacking Tools »
UFTP - UDP based FTP with encryption
UDP based FTP with encryption

UFTP is an encrypted multicast file transfer program for secure, reliable & efficient transfer of files. It also helps in data distribution over a satellite link.

Read Details