Securing the Internet of Things: Combating DNS Tunnelling Threats

· IoT,IoTsecurity

In today's digital landscape, businesses heavily rely on the Domain Name System (DNS), especially within the Internet of Things (IoT). With IoT devices proliferating, DNS becomes crucial for network communication, connecting devices to servers and facilitating seamless data exchange.

Consider a scenario where you want to access a website like "redalertlabs.com." When you enter the URL into your browser, DNS translates this domain name into an IP address, enabling servers to understand and process your request. This translation simplifies web interaction, as humans find it easier to remember domain names than numerical IP addresses.

However, the widespread trust in DNS has led to a significant oversight in securing data transmitted through this system. This complacency has attracted attackers who exploit DNS vulnerabilities to conduct malicious activities, particularly through techniques like Data Tunneling. In this article, we will explore data tunnelling, its mechanisms, and strategies to mitigate its adverse effects, especially in IoT ecosystems.

What is Data Tunneling?

DNS tunnelling is a technique where the DNS protocol, responsible for translating domain names into IP addresses, is manipulated to hide and encode data or commands within DNS queries or responses. This method is used for various nefarious purposes, such as exfiltrating data, controlling malware, or accessing restricted resources.


How Data Tunneling Works

Imagine an attacker registering a domain, say attacker.com. The domain's name server is directed to the attacker's server, hosting a tunnelling malware program. The attacker then compromises a computer behind a corporate firewall with malware. DNS requests, typically allowed through firewalls, enable the infected computer to send a query to the DNS resolver, which forwards the request to root and top-level domain servers.

The DNS resolver eventually redirects the query to the attacker's command-and-control server, establishing a covert connection between the victim and the attacker via the DNS resolver. This tunnel allows data exfiltration or other malicious activities, making it difficult to trace the attacker's computer due to the absence of a direct link between the attacker and the victim.

 

broken image

source: www.zscaler.com

DNS Tunnelling in IoT

In our homes and personal lives, we use various connected devices like smart lamps, fridges, and smartwatches, all part of the IoT family. These devices need internet communication to function, relying on DNS. Attackers exploit this by using DNS tunnelling to communicate with IoT devices undetected, sending commands, stealing information, or using the devices to attack other systems, all under the guise of normal DNS traffic.

This is particularly concerning because many IoT devices lack adequate security, making them easy targets. A stark example is the Mirai Botnet, which commandeered thousands of IoT devices, including cameras and routers, to launch massive attacks on websites, rendering them inaccessible.

Preventing DNS Tunnelling

To combat DNS tunnelling, several security measures can be implemented:

  1. DNS Traffic Monitoring: Employing tools to detect suspicious or unauthorised DNS activities.
  2. Create Query Rules: Establishing rules for unusual DNS query strings and regulating the length, type, or size of outbound and inbound DNS queries.
  3. DNS Filtering: Configuring filtering rules to block access to malicious or unauthorised domains.
  4. Intrusion Detection Solutions: Using DNS firewalls or security services to detect and block malicious DNS traffic.
  5. Data Encryption: Implementing encryption and using VPNs or proxies to secure communications.
  6. User Training and Awareness: Educating users on DNS risks and security best practices, such as verifying links before clicking and monitoring for suspicious activities.

Conclusion

DNS tunneling poses a significant threat within the Internet of Things (IoT) ecosystem, where many devices remain vulnerable. By exploiting weaknesses in the DNS protocol, attackers can infiltrate networks, exfiltrate data, or control compromised devices. To counter these risks, enhancing DNS traffic monitoring, implementing strict filtering rules, and raising user awareness of security best practices is essential. These measures will help effectively protect IoT infrastructures against these stealthy threats.

To effectively safeguard your IoT infrastructure against DNS tunneling threats, consult with our experts at Red Alert Labs. Our specialized knowledge in IoT security, combined with comprehensive risk management and certification services, will help you secure your devices from chip to cloud and ensure robust protection throughout the entire lifecycle of your IoT solutions.

 

Mohamed Diouf, IoT Security Evaluator of Red Alert Labs

 

Subscribe
PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save