How many "smart" devices do you have connected to your home or company network?  It's probably a higher number than you originally estimated.  However large that number is, it pays to be aware that IoT devices are some of the least secure devices available on the market today, which makes them the weakest link in terms of hackers successfully attacking your network.

In fact, there are millions of IoT devices that are vulnerable to a critical security flaw residing in the DNS component of a C Standard library that all sorts of firmware developers make use of.  That means that right now, there are literally millions of ticking time bombs out there and one or more of them could be connected to your network.

There are two libraries to be aware of here:  uClibc and its fork, developed by the OpenWRT team.  You'll find major companies like Linksys, Axis, and Netgear making use of both on a regular basis, and you'll even find it in some Linux distributions.

Unfortunately, at the time this article was written, there are no fixes available from the developer which leaves the products of more than 200 different vendors at risk.

Essentially, the flaw relies on a predictable transaction ID for DNS lookup requests.  It is that predictability that creates the vulnerability and allows a clever hacker to "trick" a vulnerable device into pointing to an arbitrarily defined end point specified by the hacker, which would have the effect of rerouting your network traffic to a server under the control of the hackers.

As you can imagine, that would cause no end of trouble for you and your company. That is because the hackers would then have perfect visibility into everything you do on your network and would be able to inject any sort of malware into any system on your network.

There's no simple solution here except to disconnect any vulnerable IoT devices from your network and contact the developers who maintain the library and demand immediate action.  A fix is currently in the works, but adding your voice to the rapidly growing chorus can't hurt.

________________________________________________________________________________________________________

"Fortune Favors Who Value Time over Money!"

"TeQ I.Q. was the 1st IT Company to Deliver Cloud Solutions since 2003"
Tech issues taking up your Time?
"TeQ I.Q. Makes Your Technology Simple and Easy"
Do you have Tech Frustrations like your Computer, Internet, Phone, Cellphone, Camera, TV, Car?

     "We Take Away Your Tech Frustrations and Give You the Free Time You Deserve!"
Call Robert to ask all your Technology questions.

We are giving a Free in Person TeQ Seminar at our office in La Mesa every Wednesday from 12pm-1pm and a Free TeQ Support Q&A from 1pm-2pm. Go to https://www.teqiq.com/events for our upcoming Events and https://www.teqiq.com/seminars for info on each Seminar.

For Free Consultation Call Now Robert Black at (619) 255-4180 or visit our website https://www.teqiq.com/

Chase Bank and Others Trust TeQ I.Q. with their IT and TeQnology so can you!

Used with permission from Article Aggregator