carrier phones, unlocked phones, accessories, wearable technology, all electronics, tables,batteries, laptop, Cell Phones & Accessories, Bluetooth Headsets

Windows

LightBlog

Breaking

Friday, 22 June 2018

Millions of Roku and Sonos Devices Easily Hacked: Do this or What to do

Two days ago, we reported that Google Home and Chromecast devices were vulnerable to attacks from standard web browsers running on regular computers. Today (June 20), a researcher has revealed that Roku and Sonos streaming devices, as well as some cheap "smart" thermostats, can be attacked in the same way and that he suspects many Wi-Fi routers they may be ,


The attack is done through a process known as DNS binding, which uses a web browser like the one you are reading to directly attack smart home and Internet of Things devices on the same local Wi-Fi network. ,

"By using a victim's web browser as a kind of HTTP proxy, DNS retries can bypass network firewalls and make any device on their protected intranet accessible to an attacker on the Internet," writes Brannon Dorsey. , Web developer, artist and researcher in Chicago, published in an average article today. "Every device I hold in my hands was, in one way or another, the victim of a new DNA connection."

How to protect yourself
To guard against DNS link attacks, Dorsey recommended the free OpenDNS Home service, which can filter "external" communications from private IP addresses reserved for internal network use. (We'll explain how it works next). You must change the configuration of your router to use the Open Domain Domain Name System (DNS) servers. However, the OpenDNS site contains instructions for doing so.

Google is already working on a fix for Google Home and Chromecast devices, but will not be ready until July. Sonos and Roku are also working on arrangements. Dorsey believes, however, that these known vulnerable devices can only be the tip of the iceberg.

Why it is possible
The problem is that many smart devices, including smart TVs, cable set-top boxes, and devices, are implicitly dependent on requests from other devices on the same internal network. As with a password, there is no authorization request because the manufacturers of smart devices accept (or transfer the ball, if one sees it differently) that the network is secure and behind a firewall.

A home or office Wi-Fi network typically places all your devices in one of three "private" Internet Protocol (IP) address ranges, the 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, and 192.168. 0.0 - 192.168.255.255 respectively.
Most of these devices can communicate with each other. For example, Chromecast is controlled by any Android smartphone on the same network without asking any questions. The TiVo operates its own web server (common for smart devices), which I can see at http://172.16.42.29/index.html if it is on the same Wi-Fi network.


The DNS link attack
A malicious Web site or even a malicious web ad that any ad can buy can take advantage of this implicit trust relationship with the DNS connection. This is an old technique for bypassing network firewalls by forging IP addresses so that the commands seem to come from the home network. To paraphrase the old trope of the horror movie, the call comes out of the house.

Tell Boris Badenov that Russian cybercriminals are configuring a fraudulent DNS server. DNS servers are Internet phone directories: When you enter a web address (URL) such as tomsguide.com, your browser asks a DNS server where to go. The DNS server tells your browser that tomsguide.com is on IP 52.22.5.243 and that your browser uses your network connection to get it there.

But Boris is smart, and Boris malicious message contains a small code that calls its own website, badenov.ru. When it loads into your browser, it requests a DNS request for that URL, and this request is taken over by Boris' own DNS server.


Real attacks (proof of concept)
We've already seen how DNS recovery combined with the implicit trust of the same network can make Google Home and Chromecast reveal their physical location to an attacker.

"This attack would be successful, even if you disabled the geolocation API of your web browser and use a VPN for your tunnel traffic from another country," said Dorsey.

Dorsey said he could have used this technique to raise the temperature in a smart thermostat, launch apps, and switch the channel to Roku TV, not just to change the music of a Sonos wireless music system, but also the Sonos management interface to the Assign outside the user's home network.

"If companies with these high profiles cannot prevent DNA re-bolting," Dorsey wrote, "there must be countless other vendors."

But wait, it's getting worse
There was one thing that Dorsey did not try, though he thinks it's possible to attack a Wi-Fi router directly.

Many users do not change their standard administrative router passwords, and an attacker uses the DNS link to simply open the router's administrative web interface, such as the DNS server. 172.16.42.1/index.html, and launches a number of the known routers. the default usernames and administrator passwords. (You can find lists of these on the web.) Bingo, Hacked Router.


And it does not disappear
Dorsey says we are just beginning to see what can happen with DNS restart attacks on smart home devices because the trust model is implicitly essential to the smooth functioning of many things on the Internet. When devices have to ask for passwords, they become slower, more expensive and have a shorter lifespan.

No comments:

Post a Comment