DNSpooq bugs expose millions of devices to DNS cache poisoning

Security flaws in a widely used DNS software package could allow attackers to send users to malicious websites or to remotely hijack their devices



Millions of devices could be vulnerable to Domain Name System (DNS) cache poisoning and remote code execution attacks due to seven security flaws in dnsmasq, DNS forwarding and caching software commonly found in smartphones, desktops, servers, routers and other Internet of Things devices, according to Israel-based security company JSOF, which discovered the security holes.


Collectively dubbed DNSpooq, the vulnerabilities in the open-source utility affect a variety of devices and firmware, including those made by some of the world’s leading tech companies.


“Some of the DNSpooq vulnerabilities allow for DNS cache poisoning and one of the DNSpooq vulnerabilities could permit a potential Remote Code execution that could allow a takeover of many brands of home routers and other networking equipment, with millions of devices affected, and over a million instances directly exposed to the Internet,” warned JSOF. According to Shodan, there are almost 1.2 million dnsmasq servers exposed to the internet, with yet more vulnerable devices confined to internal networks but also at risk.



Researchers identified no fewer than 40 vendors that use dnsmasq in a wide range of products and in various pieces of firmware and software. The list includes big names such as Cisco, Asus, AT&T, Comcast, Siemens, Dell, Linksys, Qualcomm, ..