DNS Protocol Suffer from the Major Vulnerability, Leaving user under Risk

After the discovery of the major vulnerability "Heartbleed" on the Open SSL, many organizations are being found victims of the vulnerability. Two days before another major vulnerability dubbed Covert Redirect was reported on the authentication OAuth and OpenID. But this may not be the end yet, as another security vulnerability is being reported.

A significant new security vulnerability has been found in the DNS protocol by a group of Israeli students from the Technion’s Department of Computer Sciences, which allows the attackers to redirect users to a website they control.

The Technion Students, Roee Hay and Jonathan Kalechstein from the Faculty of Computer Science discovered a Loophole in the Security of the DNS Protocol which allows attackers to be redirected to a bogus website while they are trying to visit a legitimate one.

What is DNS?

DNS is the master address list for the Internet, which translates IP addresses into human-readable form and vice versa. The DNS translates Internet domain and host names to addresses. DNS automatically converts the names we type in our Web browser address bar to the IP addresses of Web servers hosting those sites.

The researchers have discovered a way to force DNS servers for asking information to a specific server controlled by attackers that could respond with fake IP addresses.

Dr. Gabi Nakibly. explains the process as follows,

“During the resolution of name to IP address, DNS servers look for the server storing the corresponding IP address,” “The weakness that the students found allows hackers to compel a DNS server to connect with a specific server chosen out of a set of potential servers. If that server is controlled by the attacker, that DNS server will receive a false IP address. This type of cyber attack gives hackers an advantage, by causing computers to ‘talk’ with network stations that they alone control without being able to detect the occurrence of the fraud.”

With the vulnerability, attackers can redirect a mass number of users to a website they control to serve malware or a phishing website to steal the user's information.

“We were very surprised to find a loophole in the protocol,” “We reported it to the authorities responsible for its implementation, and they responded that they were unaware of this problem, and added that they will replace the algorithms in the next software version release.” commented said Kalechstein.

As the discovery was a result of the research conducted by the Students at Technion, security experts haven’t observed attacks exploiting the flaw.

“Since this is a complex attack chances are hackers won’t use it. Still, it’s always important to protect yourself before entering important websites like banks, health clinics and so on, in addition to making online credit-card payments as secure as possible. The best means of defense is to verify the website’s digital signature. Any self-respecting website has a digital signature, you can check it using your browser and make sure it’s real,” said AlonGoldfiz, senior systems engineer at Fortinet..

What to DO?

Till yet a patch for the vulnerability is not been released, users are advised to check the URL of the visiting link and also check the URL of the page which asked for any credentials. And for malicious pages, keep your antivirus or anti-malware program updated, and also you can install the various browser extension of the antivirus.

Source:- securityaffairs
Image:- THN