Skip to main content
SpringerLink
Log in
Book cover

International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems

International Workshop on Security and Privacy Requirements Engineering

International Workshop on Security, Privacy, Organizations, and Systems Engineering

International Workshop on Attacks and Defenses for Internet-of-Things

CyberICPS 2019, SECPRE 2019, SPOSE 2019, ADIoT 2019: Computer Security pp 391–401Cite as

Study of DNS Rebinding Attacks on Smart Home Devices

  • Conference paper
  • First Online:

  • 1681 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11980))

Abstract

DNS rebinding is an attack technique know for more than 20 years, which is experiencing a revival caused by the ever-increasing networking of Internet of Things (IoT) devices. Thus, the potential attack surface is growing rapidly, and this paper shows that DNS rebinding attacks on many smart home devices are still successful. Nevertheless, various conditions must be fulfilled for this type of attack. This leads to the fact that such attacks rarely occur in practice since router vendors often provide DNS rebinding protection. Nevertheless, we believe that it is valuable to investigate whether individual devices are theoretically vulnerable and to create a certain awareness so that the existing countermeasures are used correctly.

As part of this paper, we conducted a study analyzing five devices, four smart home devices and one router as a smart-home gateway connected with the IoT products. Three out of four of the smart home devices are vulnerable, and the router is partially vulnerable because queries reach localhost despite activated DNS rebinding protection; thus, services on localhost are vulnerable. This indicates that the manufacturers of smart home devices rely on the countermeasures of the routers in the first place, but it might even improve the security of the devices if they already implement their own additional countermeasures.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Acar, G., Huang, D.Y., Li, F., Narayanan, A., Feamster, N.: Web-based attacks to discover and control local IoT devices. In: Proceedings of the 2018 Workshop on IoT Security and Privacy (2018)

    Google Scholar 

  2. DNS Rebinding Exposes Half a Billion Devices in the Enterprise. https://armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/. Accessed 06 June 2019

  3. CVE - Common Vulnerabilities and Exposures. https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=DNS+Rebinding. Accessed 06 June 2019

  4. Dai , Y., Resig, R.: FireDrill: interactive \(\{\)DNS\(\}\) rebinding. In: 7th \(\{\)USENIX\(\}\) Workshop on Offensive Technologies (2013)

    Google Scholar 

  5. Dean, D., Felten, E.W., Wallach, D. S.: Java security: From HotJava to Netscape and beyond. In: IEEE Symposium on Security and Privacy (1996)

    Google Scholar 

  6. DNS Attack Scenario, February 1996. http://sip.cs.princeton.edu/news/dns-scenario.html. Accessed 06 June 2019

  7. Grossman, J., Fogie, S., Hansen, R., Rager, A., Petkov, P.D.: XSS Attacks: Cross Site Scripting Exploits and Defense. Syngress (2007)

    Google Scholar 

  8. Jackson, C., Barth, A., Bortz, A., Shao, W., Boneh, D.: Protecting browsers from DNS rebinding attacks. In: ACM Conference on Computer and Communications Security (CCS) (2007)

    Google Scholar 

  9. Johns, M., Lekies, S., Stock, B.: Eradicating DNS rebinding with the extended same-origin policy. In: USENIX Security Symposium (2013)

    Google Scholar 

  10. Johns, M., Winter, J.: Protecting the intranet against “JavaScript malware” and related attacks. In: M. Hämmerli, B., Sommer, R. (eds.) DIMVA 2007. LNCS, vol. 4579, pp. 40–59. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73614-1_3

    Chapter  Google Scholar 

  11. Karlof, C., Shankar, U., Tygar, J.D., Wagner, D.: Dynamic pharming attacks and locked same-origin policies for web browsers. In: ACM Conference on Computer and Communications Security (CCS) (2007)

    Google Scholar 

  12. Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2017)

    Article  Google Scholar 

  13. Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., Lear, E.: Address allocation for private internets. RFC 1918, RFC Editor, February 1996

    Google Scholar 

  14. Roskind, J.: Attacks against the netscape browser. In: Talk at the RSA Conference (2001)

    Google Scholar 

  15. Singularity of Origin. https://github.com/nccgroup/singularity. Accessed 06 June 2019

  16. Fonoff-Tasmota. https://github.com/arendst/Sonoff-Tasmota. Accessed 06 June 2019

  17. Tatang, D., Schneider, C., Holz, T.: Large-scale Analysis of Infrastructure-leaking DNS Servers. In: Perdisci, R., Maurice, C., Giacinto, G., Almgren, M. (eds.) DIMVA 2019. LNCS, vol. 11543, pp. 353–373. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22038-9_17

    Chapter  Google Scholar 

Download references

Acknowledgment

We would like to thank the anonymous reviewers for their valuable feedback.

Author information

Authors and Affiliations

  1. Ruhr University Bochum, Bochum, Germany

    Dennis Tatang, Tim Suurland & Thorsten Holz

Authors
  1. Dennis Tatang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tim Suurland
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Thorsten Holz
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dennis Tatang .

Editor information

Editors and Affiliations

  1. Open University of Cyprus, Latsia, Cyprus

    Sokratis Katsikas

  2. IMT Atlantique, Brest, France

    Frédéric Cuppens

  3. IMT Atlantique, Brest, France

    Nora Cuppens

  4. University of Piraeus, Piraeus, Greece

    Costas Lambrinoudakis

  5. University of the Aegean, Mytilene, Greece

    Christos Kalloniatis

  6. University of Toronto, Toronto, ON, Canada

    John Mylopoulos

  7. Georgia Institute of Technology, Atlanta, GA, USA

    Annie Antón

  8. University of Piraeus, Piraeus, Greece

    Stefanos Gritzalis

  9. Technical University of Berlin, Berlin, Germany

    Frank Pallas

  10. Alexander von Humboldt Institute for Internet and Society, Berlin, Germany

    Jörg Pohle

  11. Ruhr University Bochum, Bochum, Germany

    Angela Sasse

  12. Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

  13. University of Plymouth, Plymouth, UK

    Steven Furnell

  14. Télécom SudParis, Evry, France

    Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Tatang, D., Suurland, T., Holz, T. (2020). Study of DNS Rebinding Attacks on Smart Home Devices. In: Katsikas, S., et al. Computer Security. CyberICPS SECPRE SPOSE ADIoT 2019 2019 2019 2019. Lecture Notes in Computer Science(), vol 11980. Springer, Cham. https://doi.org/10.1007/978-3-030-42048-2_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-42048-2_25

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-42047-5

  • Online ISBN: 978-3-030-42048-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation