DNS rebinding attacks are a real threat that could hit the billions of internet of things (IoT) devices in people’s homes, according to Craig Young, principal security researcher at Tripwire.
Young was speaking in the Geek Street Theatre on day three of the Infosecurity Conference at London’s Kensington Olympia.
During the session, Young explained the impact of the threat – which turns a victim’s browser into a proxy for attacking private networks – within IoT. “Over the years, I have found countless vulnerabilities in IoT products,” he said.
This is partly because IoT often uses HTTP, which is vulnerable to DNS rebinding. In the future, the consequences could be significant: Rebinding also opens new doors for botnets, according to Young.