Abstract
DNS rebinding is an attack technique know for more than 20 years, which is experiencing a revival caused by the ever-increasing networking of Internet of Things (IoT) devices. Thus, the potential attack surface is growing rapidly, and this paper shows that DNS rebinding attacks on many smart home devices are still successful. Nevertheless, various conditions must be fulfilled for this type of attack. This leads to the fact that such attacks rarely occur in practice since router vendors often provide DNS rebinding protection. Nevertheless, we believe that it is valuable to investigate whether individual devices are theoretically vulnerable and to create a certain awareness so that the existing countermeasures are used correctly.
As part of this paper, we conducted a study analyzing five devices, four smart home devices and one router as a smart-home gateway connected with the IoT products. Three out of four of the smart home devices are vulnerable, and the router is partially vulnerable because queries reach localhost despite activated DNS rebinding protection; thus, services on localhost are vulnerable. This indicates that the manufacturers of smart home devices rely on the countermeasures of the routers in the first place, but it might even improve the security of the devices if they already implement their own additional countermeasures.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Acar, G., Huang, D.Y., Li, F., Narayanan, A., Feamster, N.: Web-based attacks to discover and control local IoT devices. In: Proceedings of the 2018 Workshop on IoT Security and Privacy (2018)
DNS Rebinding Exposes Half a Billion Devices in the Enterprise. https://armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/. Accessed 06 June 2019
CVE - Common Vulnerabilities and Exposures. https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=DNS+Rebinding. Accessed 06 June 2019
Dai , Y., Resig, R.: FireDrill: interactive \(\{\)DNS\(\}\) rebinding. In: 7th \(\{\)USENIX\(\}\) Workshop on Offensive Technologies (2013)
Dean, D., Felten, E.W., Wallach, D. S.: Java security: From HotJava to Netscape and beyond. In: IEEE Symposium on Security and Privacy (1996)
DNS Attack Scenario, February 1996. http://sip.cs.princeton.edu/news/dns-scenario.html. Accessed 06 June 2019
Grossman, J., Fogie, S., Hansen, R., Rager, A., Petkov, P.D.: XSS Attacks: Cross Site Scripting Exploits and Defense. Syngress (2007)
Jackson, C., Barth, A., Bortz, A., Shao, W., Boneh, D.: Protecting browsers from DNS rebinding attacks. In: ACM Conference on Computer and Communications Security (CCS) (2007)
Johns, M., Lekies, S., Stock, B.: Eradicating DNS rebinding with the extended same-origin policy. In: USENIX Security Symposium (2013)
Johns, M., Winter, J.: Protecting the intranet against “JavaScript malware” and related attacks. In: M. Hämmerli, B., Sommer, R. (eds.) DIMVA 2007. LNCS, vol. 4579, pp. 40–59. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73614-1_3
Karlof, C., Shankar, U., Tygar, J.D., Wagner, D.: Dynamic pharming attacks and locked same-origin policies for web browsers. In: ACM Conference on Computer and Communications Security (CCS) (2007)
Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2017)
Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., Lear, E.: Address allocation for private internets. RFC 1918, RFC Editor, February 1996
Roskind, J.: Attacks against the netscape browser. In: Talk at the RSA Conference (2001)
Singularity of Origin. https://github.com/nccgroup/singularity. Accessed 06 June 2019
Fonoff-Tasmota. https://github.com/arendst/Sonoff-Tasmota. Accessed 06 June 2019
Tatang, D., Schneider, C., Holz, T.: Large-scale Analysis of Infrastructure-leaking DNS Servers. In: Perdisci, R., Maurice, C., Giacinto, G., Almgren, M. (eds.) DIMVA 2019. LNCS, vol. 11543, pp. 353–373. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22038-9_17
Acknowledgment
We would like to thank the anonymous reviewers for their valuable feedback.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Tatang, D., Suurland, T., Holz, T. (2020). Study of DNS Rebinding Attacks on Smart Home Devices. In: Katsikas, S., et al. Computer Security. CyberICPS SECPRE SPOSE ADIoT 2019 2019 2019 2019. Lecture Notes in Computer Science(), vol 11980. Springer, Cham. https://doi.org/10.1007/978-3-030-42048-2_25
Download citation
DOI: https://doi.org/10.1007/978-3-030-42048-2_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42047-5
Online ISBN: 978-3-030-42048-2
eBook Packages: Computer ScienceComputer Science (R0)