Background: DNS security awareness awaken by expert conduct a simple DNSsteal to do a demonstration show how to exploit unknown function feature on DNS function in few years ago.
On April 2021, cyber security product vendor with security experts announce that a unknown TCP/IP Stack weakness in IoT.
The difference in between DNS misuse function (DNSsteal) and techincal problem announced by vendor this month was that this time it is a design weakness of IoT TCP/IP stack.
Vulnerability details: So called WRECK, it affects at least four common TCP/IP stacks—FreeBSD, IPNet, NetX, and Nucleus NET—that are used in Internet of Things (IoT). The specify flaws could be abused to perform denial of service (DoS) attacks, to execute code remotely and or take victim devices offline. For details, please refer to link – https://www.forescout.com/company/resources/namewreck-breaking-and-fixing-dns-implementations/
My Comment: This IoT vulnerabilities crisis awaken IoT vendor to enhance their IoT access control function. Build trust connection function to external peer. So it will avoid the abnormalis traffic connect to your device and reduce the risk. Perhaps DNS protection should provides from service provider simultaneously.