Validating resources located at non-public IP addresses
I notified Google about this vulnerability when I discovered it in March and again in April after receiving no response.
After finding and exploiting this vulnerability in the very first device that I poked around with, I feared that there were likely many other IoT devices that could also be targeted. If companies with such high profiles are failing to prevent against DNS rebinding attacks, there must be countless other vendors that are as well.
The first mention of this service that I’ve been able to find surfaced back in 2013 when Brandon Fiquett wrote about a Local API he found while sniffing the WiFi traffic to his Chromecast.
They operate in a sort of walled garden, safe from external threat.
A few months ago, I began to follow a winding path of research into a 10-year-old network attack called DNS rebinding.
Put simply, DNS rebinding allows a remote attacker to bypass a victim’s network firewall and use their web browser as a proxy to communicate directly with devices on their private home network.
He actually created a PoC for the geolocation attack scenario that I described above, but never implemented!