DNS Protocol affected by a serious flaw, Internet users are at risk

Pierluigi Paganini May 05, 2014

Technion students find a security vulnerability in the Internet DNS protocol that allows attackers to redirect users to a website they control.

A significant new security vulnerability has been found in the DNS protocol by a group of Israeli students from the Technion’s Department of Computer Sciences. Coming after the Heartbleed case and the claims about the Covert Redirect security vulnerability affecting some implementations of the OAuth and OpenID open standards for authentication, this vulnerability could also represent a serious threat to the Internet community.

The Technion students, Roee Hay and Jonathan Kalechstein from the Faculty of Computer Science, discovered a loophole in the security of the DNS protocol that allows attackers to redirect users to a bogus website while they are trying to visit a legitimate one.


We all know that the DNS protocol (Domain Name System protocol) is one of the fundamentals of the modern Internet: it provides access to a decentralized database, enabling computers to translate the logical name of a website to its IP address. The researchers discovered a way to force DNS servers to request information from a specific server controlled by attackers, which could respond with fake IP addresses.

“During the resolution of name to IP address, DNS servers look for the server storing the corresponding IP address,” “The weakness that the students found allows hackers to compel a DNS server to connect with a specific server chosen out of a set of potential servers. If that server is controlled by the attacker, that DNS server will receive a false IP address. This type of cyber attack gives hackers an advantage, by causing computers to ‘talk’ with network stations that they alone control without being able to detect the occurrence of the fraud,” explains Dr. Gabi Nakibly.

Exploiting the vulnerability may allow an attacker to redirect users to a website the attacker controls, in order to serve malware or to steal their credentials through a classic phishing scheme.
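A defender-side illustration of the effect described above, added here and not taken from the article or the researchers' work: if a resolver is pushed onto one authoritative server out of a zone's set, its upstream queries for that zone concentrate on a server it did not previously favour. The log format, thresholds and function names are assumptions, and the sample rows are constructed.

```python
from collections import Counter, defaultdict

def _rows(window, zone, hits):
    # Expand {server: count} into constructed "window zone server" log lines.
    return [f"{window} {zone} {ip}" for ip, n in hits.items() for _ in range(n)]

# Constructed sample data (documentation address ranges); the format is hypothetical.
SAMPLE = (
    _rows("baseline", "example.com", {"192.0.2.1": 4, "192.0.2.2": 3, "192.0.2.3": 3})
    + _rows("current", "example.com", {"192.0.2.3": 10})
    + _rows("baseline", "example.net", {"198.51.100.1": 8, "198.51.100.2": 2})
    + _rows("current", "example.net", {"198.51.100.1": 9, "198.51.100.2": 1})
    + ["truncated line"]
)

def shares(lines, window):
    """Per zone, the fraction of upstream queries sent to each authoritative server."""
    counts = defaultdict(Counter)
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[0] != window:
            continue  # skip malformed lines and lines from the other window
        counts[parts[1]][parts[2]] += 1
    return {zone: {srv: n / sum(c.values()) for srv, n in c.items()}
            for zone, c in counts.items()}

def pinned_zones(lines, threshold=0.9, was_dominant=0.5):
    """Zones now concentrated on one server that the baseline did not favour."""
    base, cur = shares(lines, "baseline"), shares(lines, "current")
    alerts = []
    for zone, dist in sorted(cur.items()):
        before = base.get(zone, {})
        if len(before) < 2:
            continue  # no baseline or a single-server zone: nothing to compare
        server, share = max(dist.items(), key=lambda kv: kv[1])
        # A steady preference for the same server is not flagged; only a shift
        # onto a server that previously held a minority of the traffic is.
        if share >= threshold and before.get(server, 0.0) < was_dominant:
            alerts.append((zone, server, round(share, 2)))
    return alerts

if __name__ == "__main__":
    for zone, server, share in pinned_zones(SAMPLE):
        print(f"{zone}: {share:.0%} of upstream queries now go to {server}")
```

An alert here is a prompt to investigate, since a legitimate change in server latency or availability can shift a resolver's preference in the same way.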

“We were very surprised to find a loophole in the protocol,” “We reported it to the authorities responsible for its implementation, they responded that they were unaware of this problem, and added that they will replace the algorithms in the next software version release,” said Kalechstein.

Fortunately, the discovery is the result of research conducted by the students at Technion; security experts haven’t observed attacks exploiting the flaw.

“Since this is a complex attack, chances are hackers won’t use it. Still, it’s always important to protect yourself before entering important websites like banks, health clinics and so on, in addition to making online credit-card payments as secure as possible. The best means of defense is to verify the website’s digital signature. Any self-respecting website has a digital signature, you can check it using your browser and make sure it’s real,” said Alon Goldfiz, senior systems engineer at Fortinet.

Since the DNS protocol is responsible for leading users to the site they want to visit, the impact of the vulnerability is devastating. Following the discovery, the algorithms will be replaced in the next software version release.

I suggest taking a look at the slides presented at the last USENIX conference by Roee Hay; the presentation is titled “Subverting BIND’s SRTT Algorithm”.


The best defense at the moment is to carefully check the landing website, for example by verifying its digital signature.

Pierluigi Paganini

(Security Affairs –  DNS Protocol, hacking)
