Millions of Internet Connected Devices Compromised, Is Your New Oven Acting Weird? | Ron Benvenisti

Researchers just discovered a prolific vulnerability that is affecting millions of internet connected devices. IoT for short. These devices can be anything from blood infusion devices, pacemakers, and everything in between including numerous devices in our homes.

Most new appliances and industrial control systems like Municipal Water Systems, Electric Grids, Emergency Services, Healthcare Devices and many more can affect entire communities. Newer devices in your home have some sort of network connectivity, like thermostats, ovens, security systems and I can go on and on. Oh, and I forgot to mention your car. It doesn’t have to be electric, or brand new either.  Millions!

For the techies, the vulnerability is in a router’s DNS component.

For the coders, uClibc and uClibc-ng , are popular C standard libraries used by major vendors—such as Netgear, Linksys, and Axis—in millions of Internet of Things (IoT) devices and routers.

The vulnerable devices and routers, potentially impacting 200 vendors, may allow threat actors to perform DNS poisoning attacks in which the targeted device is redirected to a malicious website hosted on a server under their direct control. Threat actors may then steal or manipulate data transmitted by users and conduct other cyberattacks against those devices.

That can be anything from disabling your security system, adjusting your thermostat, turning off your fridge, change the settings on your oven and I can go on and on.

Unfortunately, there are currently no fixes at the time of this writing. Or is there? See Author’s note below.

Author’s Note: A couple of years ago I participated in a tabletop exercise at the NJ Regional Operations Training Center run by FEMA. To make a long story short we enacted a scenario where one IoT device was compromised. Through that connection it was possible to locate and control the chlorination system of a municipal water supply. As the chlorine was increased, people who drank the water, bathed in it or cooked with it were severely injured. The emergency services became completely overwhelmed; hospital capacity was exhausted. Soon after, the electric grid was compromised and completely shut down. No lights, no traffic lights, dying cell phones. In other words, everything came to a halt, and people were dying. This same scenario could affect large cities as well. Even destroy entire Kingdoms.

This frightening situation brings the following thought to mind. Here we have a new way of getting instructions and information (albeit digital) that have the potential to be  unimaginably horrific. This is alluded to in Ezekiel, 20: 5:3 where the Prophet refers to “seeking instruction and information always refers to help from Hashem.” (See S.R. Hirsch on the Haftorah of Parshat Kedoshim).

We are in a (Golus). I call this the exile of the age of communication and technology where it can be used as a blessing or a curse. It is a time of a great test from Hashem for us and all the nations on Earth. I am of the opinion that communication and technology are a type of Avodah Zarah, Idol Worship, by us, Chas V’Shalom and certainly by our enemies.

The only answer I can proffer is to realize that we must only seek and increase taking our instructions and receiving our information from the Holy Torah. Only in this manner can we  succeed in overcoming the satanic evil in this exile and Hashem will redeem us. “I am God, Your God.” There are no others.

Despite the comforts offered by the material world, we must never be fooled by their potential for evil. This is our test. From where will we seek comfort? Individually and as a people? From the Borei Olam, Hakadosh Baruch Hu.

There are also MILLIONS of Jews who can counter this plague by getting their information and instructions only from the Word of God, directly, from the Holy Torah in order to establish His Kingdom here on Earth. B’Karov. It is really up to us to fix. We must be up to the task. There is no other “fix.” Chazak V’Amatz.

This content, and any other content on TLS, may not be republished or reproduced without prior permission from TLS. Copying or reproducing our content is both against the law and against Halacha. To inquire about using our content, including videos or photos, email us at [email protected].

Stay up to date with our news alerts by following us on Twitter, Instagram and Facebook.

**Click here to join over 20,000 receiving our Whatsapp Status updates!**

**Click here to join the official TLS WhatsApp Community!**

Got a news tip? Email us at [email protected], Text 415-857-2667, or WhatsApp 609-661-8668.

4 COMMENTS

  1. I don’t know if this would help for such a hacking, but several years ago a good friend pointed out that he only connects smart home devices to his guest network. By having them on different wifi connections it provides a layer of protection between his computers/phones that contain a lot of personal data and those devices that may be vulnerable or stealing your data and sending it back to their manufacturers.

    It doesn’t make it safe, but a bit safer.

    • Several years ago this type of hack was unknown. Today, if you are asking a question, the answer is no, it does not make it safer. If you are giving an answer, no. Frankly, I wish I had something else to tell you. This attack is unique.

      The suspicion is that it’s a problem with the routers and/or the code that all your connected devices go through that single point of failure. It may be that if you used your phone as a hotspot with a VPN on it and thus avoided the internet completely, to by pass your router’s connection, that could work. The cost would be very slow connection speeds and hoping that your phone provider and your VPN providers routers are not vulnerable. That’s just theoretical.

      If you divide millions by one millionth of the millions, in the scope and scale of this persistent attack scenario that’s the amount of safety you might provide only for yourself. I suspect that your phone would be practically useless and the smart devices may not like it.

      This is the worst malware we have seen yet and has the capability to create the equivalent devastation of a nuclear Electromagnetic Pulse, except that an EMP would be instantaneous.

  2. Please cite some of the research that backs up your statements. You reference them in the first sentence but do not name a single one. Thanks in advance.

    • You will find many flaws of this magnitude since 2020 with a simple search, however these have been quickly identified and patched. What I am referring to is a previously unseen attack on the items mentioned (and likely more) in the article. Since there is no fix at this time and the matter is under investigation by CISA, I cannot go into any further detail as this is a foreign actor with national security implications. You may try your hand at examining the code libraries referred to and you may try to contact any of the known manufacturers listed ,as a customer, if you are one, they will refer you to IC3 to report, but you must have a real incident. I cannot tell you anymore than that, at this time.

Comments are closed.


© Copyright | The Lakewood Scoop. All Rights Reserved