IoT Devices at Risk from C Standard Library Bug


There were more than 10 billion active IoT devices in 2021, and with that number likely to increase exponentially over the next several years, IoT devices have emerged as an attractive target for hackers.

A 2020 report from the Ponemon Institute found that 90% of the security experts surveyed believed that cyberattacks against their companies’ IoT deployments were imminent. Furthermore, fewer than 42% of the organizations represented felt qualified to identify the kinds of vulnerabilities that hackers exploit.

This is particularly troubling when one reviews NETSCOUT’s 2018 Threat Intelligence Report, which claims that hackers will attack improperly secured IoT devices within around 5 minutes of their initial connection to the internet. These attacks have grown in complexity and methodology over time, yet one of the latest to target IoT devices uses one of the most rudimentary methods to do so.


New DNS Poisoning Attack is Targeting a C Standard Library

Researchers with OT and IoT security firm Nozomi Networks have identified a vulnerability in all versions of the uClibc and uClibc-ng C standard libraries, which are commonly employed in IoT devices. The DNS requests generated by the library carry predictable transaction IDs, and that predictability is being exploited to mount DNS poisoning attacks.

These incursions can trick a DNS client into accepting forged responses to communicate with an endpoint other than the one intended. These “Man-in-the-Middle” attacks may allow hackers to steal and/or manipulate sensitive information, or otherwise compromise IoT devices and the network infrastructure to which they belong.
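A defender can check a device for this weakness from a packet capture of its own DNS queries. The following is an added example, not code from Nozomi Networks or the uClibc project: it parses the DNS header of each query and flags a client whose transaction IDs advance by a fixed step. It assumes that "predictable" means a constant step modulo 2^16; the function names, the hostname and the sample captures are constructed for illustration.

```python
import struct
from collections import Counter

def build_query(txid, name="updates.example.com"):
    """Constructed sample input: the UDP payload of a minimal DNS A query."""
    header = struct.pack("!HHHHHH", txid & 0xFFFF, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def query_txid(payload):
    """Return the 16-bit transaction ID of a DNS query, else None."""
    if len(payload) < 12:          # shorter than a DNS header
        return None
    txid, flags = struct.unpack("!HH", payload[:4])
    if flags & 0x8000:             # QR bit set: a response, not a query
        return None
    return txid

def audit_txids(payloads, threshold=0.8):
    """Flag a client whose consecutive query IDs mostly differ by one fixed step.

    Assumption of this example: "predictable" means a constant step modulo
    2**16. Passing this check does not prove the IDs are random.
    """
    ids = [t for t in map(query_txid, payloads) if t is not None]
    if len(ids) < 4:
        return {"verdict": "insufficient-data", "samples": len(ids)}
    deltas = Counter((b - a) % 65536 for a, b in zip(ids, ids[1:]))
    step, hits = deltas.most_common(1)[0]
    share = round(hits / (len(ids) - 1), 2)
    verdict = "predictable" if share >= threshold else "no-constant-step"
    return {"verdict": verdict, "step": step, "share": share, "samples": len(ids)}

# Constructed captures, in the order the queries were sent by each device.
DEVICE_A = [build_query(0xFFFC + i) for i in range(8)]   # counter that wraps
DEVICE_B = [build_query(t) for t in
            (0x9C41, 0x03E7, 0xD2B0, 0x5F18, 0x7A6C, 0x1185, 0xE93A, 0x4D02)]

if __name__ == "__main__":
    for name, capture in (("device-a", DEVICE_A), ("device-b", DEVICE_B)):
        print(name, audit_txids(capture))
```

Feed it the UDP payloads of port 53 queries from a single device, in send order; a device that comes back "predictable" is a candidate for network isolation until a fixed library is available.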

“Threat actors are increasingly focused on delivering vulnerabilities through open-source software libraries and exploiting them through IoT devices,” said Bud Broomhead, CEO at IoT Security platform Viakoo.

Unfortunately, the maintainer of these libraries has thus far been unable to identify a solution to this issue, so the vulnerability remains unpatched. As such, Nozomi has not released the names of any specific devices that have been affected by this vulnerability, though it has identified a “range of well-known IoT devices” that are likely found “throughout all critical infrastructure.”

How Do Hackers Use the C Programming Language to Attack IoT Devices?

For IoT devices, the C programming language is essential to the functionality of microcontrollers – a fact that makes the language quite prominent across the spectrum of the technological world. This has made it a fairly common avenue for hackers to target IoT devices.

C programming is often used to access and manipulate system resources and hardware components such as RAM through the creation of programming scripts. This makes it an ideal avenue for hackers looking to take control of hardware via their operating systems. C is also often the native language for security provisions, which makes it a common avenue for exploits.

Many of the most common attack patterns can be traced back to C programming. This includes many forms of malware, as well as things like: 

  • Shellcodes – This attack spawns a command shell (via command-line interpreter) that masks the hacker’s attempts to control an affected system. 
  • Rootkits – A collection of malware that allows bad actors to remotely execute commands and change system configurations on a host device while masking its existence from the rest of the system.
  • Keyloggers – Programs that record the commands entered in an interface that can then be used to monitor or steal information without the user knowing.

The Best Defense is Constant Updates

Cyber security is an essential element to any successful deployment, yet most IoT devices are shipped with inadequate security measures and known vulnerabilities. Many devices are then deployed with these easily exploitable vulnerabilities still in place, making it easy for attackers to gain access to their information.

Simple tasks like updating and patching firmware or changing default passwords can dramatically improve the security of a deployment. Soracom users have access to a number of unique security measures as well, from private networking tools like Soracom Door and Soracom Canal to the carrier-grade encryption offered by every Soracom IoT SIM card.


Do you have questions about an IoT project? Speak with one of our experts today to learn how Soracom has helped more than 20,000 innovators deploy, scale, and secure their IoT projects.