Nearly a half-billion Internet of Things devices are vulnerable to cyberattacks at businesses worldwide because of a 10-year-old security flaw, according to a new report from a security software vendor.
The report was published Friday by Armis, a provider of Internet of Things security software for enterprises that focuses on detecting threats in IoT devices at workplaces. The Palo Alto, Calif.-based company has previously made security disclosures, including the BlueBorne malware attack that impacted 5 billion IoT devices.
The web exploit in question is called DNS rebinding, an attack first disclosed at the RSA Conference in 2008 that allows an attacker to bypass a network firewall and use a victim’s web browser to access other devices on the network. The attacker can gain access to the web browser through a malicious link enclosed within an email, banner ad or another source. This can leave devices susceptible to data exfiltration, compromise and hijacking, the latter of which could lead to a botnet attack similar to the Mirai malware that took down major websites in 2016.