Discovering and Hacking IoT Devices Using Web-Based Attacks

DNS rebinding attacks have been the topic of ongoing discussion for twenty years. Despite their efforts, browser vendors still can’t find a stable defence against these attacks. They were reported to have been be fixed eight years ago. However, this type of attack has resurfaced against a new attack vector. In general, it’s safe to say that the upcoming trend for malicious hackers will consist of a combination of multiple existing attacks, forming new attack vectors. The DNS rebinding attack that made the cryptocurrency wallets vulnerable is a good example of these new attack vectors. In this article, we discuss the research conducted at Princeton and UC Berkeley on web-based attacks carried out against Internet of Things (IoT) devices which led to the discovery, hacking and takeover of these devices. The research was published in August, 2018.