Study of DNS Rebinding Attacks on Smart Home Devices

Dennis Tatang, Tim Suurland, Thorsten Holz

International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT) 2019, co-located with ESORICS 2019 in Luxembourg, September 2019


DNS rebinding is an attack technique know for more than 20 years, which is experiencing a revival caused by the ever-increasing networking of Internet of Things (IoT) devices. Thus, the potential attack surface is growing rapidly, and this paper shows that DNS rebinding attacks on many smart home devices are still successful. Nevertheless, various conditions must be fulfilled for this type of attack. This leads to the fact that such attacks rarely occur in practice since router vendors often provide DNS rebinding protection. Nevertheless, we believe that it is valuable to investigate whether individual devices are theoretically vulnerable and to create a certain awareness so that the existing countermeasures are used correctly.

As part of this paper, we conducted a study analyzing five devices, four smart home devices and one router as a smart-home gateway connected with the IoT products. Three out of four of the smart home devices are vulnerable, and the router is partially vulnerable because queries reach localhost despite activated DNS rebinding protection; thus, services on localhost are vulnerable. This indicates that the manufacturers of smart home devices rely on the countermeasures of the routers in the first place, but it might even improve the security of the devices if they already implement their own additional countermeasures.


tags: DNS