What is DNS Spoofing? | Gryphon Skip to content

Try Gryphon Risk-free for 30 Days → Shop Now


What is DNS Spoofing or DNS Poisoning?

Written by: John Wu / May 13, 2022

Update from John Wu, Gryphon CEO (6/17/2022): A recent bug discovered in DNS code has puts millions of routers and IoT devices at risk. How do you if you have one of those devices? Our engineers decided to create a free, simple Android app that you can use to scan for compromised devices. You can download the app right here to start scanning your network immediately.

Read on to learn more about DNS spoofing and how it can impact your home and data security. 

Does DNS poisoning affect me?

You may have seen a number of technology media recently reporting an unpatched DNS bug that has put millions of routers and smart connected devices at risk of being hacked.  You might be asking yourself: Is this that big a deal, and does it really affect me?

If you happen to have one of these devices, the short answer is yes.

What is DNS? 

Let’s understand what DNS is. DNS stands for Domain Name System. It’s basically an address lookup-up service for when you need to access a website. Each website has an IP address that looks something like this: Instead of remembering this long number each time you visit a site, the DNS allows you to just tell your browser to go to www.facebook.com. Your router or IoT device will then go to a DNS server and ask it for the actual IP address. This request happens seamlessly in the background, unseen by you.

How does DNS spoofing work? 

Due to a bug in the DNS service of some routers and smart devices, your Internet’s background communication can get hijacked using a technique called DNS spoofing, also known as DNS poisoning. Basically, this hack floods the router with a fake or spoofed IP address. Instead of pulling up your bank’s login page, your browser will pull up a fake page that looks exactly like your bank’s page. When you try to log in, the hacker can capture your password, or even redirect you to a page that downloads a virus on your computer.

In a normal working DNS service, each request uses a randomly generated ID that makes it virtually impossible to spoof the response. With the recently discovered bug, many DNS services are generating predictable IDs. That predictability makes it very easy for the hacker to spoof the response. Essentially, they say: This is the way to your bank, and you can trust me because I know this ID. Then, when you get to the wrong location and enter your personal details these hackers can steal your private information and ultimately your most important assets.

Yes, it’s as bad as it sounds!

How to avoid DNS spoofing 

So how do you protect yourself? One way is to make sure you have multi-factor authentication turned on for your most important logins. The most common way is for your bank to send a code to your phone when you log on or to use an authentication app. Even if someone steals your password, they can’t get into your accounts. You can also protect yourself by making sure you have a secure Wi-Fi router that has automatic software updates.  So when the router company does fix the problem, your router is immediately updated and armed against hijackers.

What about Gryphon systems?  

Gryphon recognizes how concerning this bug is. We have verified that this bug does not impact any Gryphon parental control and advanced security mesh Wi-Fi router systems. Gryphon routers also feature automatic patch updates to combat any similar issues that may arise in the future.

In addition, our team is currently working on an app you can use to check if your non-Gryphon systems are vulnerable to DNS spoofing – you can sign up here to be the first to learn when it’s available. Our goal is for you to be able to binge your favorite Netflix series, with the confidence in knowing your network maintains the highest level of security.

Nozomi Networks Discovers Unpatched DNS Bug in Popular C Standard Library Putting IoT at Risk | Nozomi Networks
Unpatched DNS Bug puts Millions of Routers, IoT Devices at Risk | Threatpost