Short answer: Only If You’ve Already Been Hacked
Fascinating game of “telephone” over the past week which started out as some research on how hackers could embed images into DNS TXT records, and wound up proclaiming,
“Newly published research shows that the domain name system—a fundamental part of the web—can be exploited to hide malicious code and prompt injection attacks against chatbots”
Oh dear.
I first came across this from the other end via the Wired piece, and worked my way backwards, through Ars Technica (which Wired reposted it from) – which cites recent Domaintools research that referenced the original security report.
DNS exfiltration has been around a long time. That’s when intruders who are already inside your system use DNS lookups to copy sensitive data from inside your firewall out. It’s a method that can sometimes succeed in avoiding detection from cybersecurity systems monitoring for unauthorized file transfers.
This is the flipside, so DNS infiltration, but the Ars Technica (and WIRED) tellings of this angle gloss over the most important part:
“An attacker who managed to get a toehold into a protected network could then retrieve each chunk using an innocuous-looking series of DNS requests”
The site has to already be compromised.
Unfortunately the framing is such that it makes it appear (at least to me) as though DNS – which is the dialtone of the internet, something every client and device must use, all the time – provides a unique attack vector against chatbots.
That is not the case – in fact the article never really connects how or if any chatbots have actually been compromised via DNS infiltrated data – just that Domaintools researchers have found TXT records encoding strings that can be used in prompt injection attacks.
Domaintools is a passive DNS analytics company that looks at this stuff all day long, across millions of domain names – I can assure you, they find all kinds of things (it would not surprise me one iota to find somebody, somewhere encoded a Bitcoin seed phrase into a DNS TXT record, thinking that would be a clever place to stash it).
What DNS does provide via this vector is a way to try to surreptitiously move data into or out of a network – what it does not do is provide some magical way to compromise a system that isn’t already vulnerable to other vectors.
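Since the only thing DNS contributes here is a channel, the useful defensive question is whether you can see that channel being used from your own query logs. Here is an added example (not from the original article, and not code from Domaintools or the cited research) that scans constructed BIND-style query-log lines and flags a client pulling a run of TXT records whose labels look like encoded chunks: lots of TXT lookups to one domain, with long, high-entropy labels. The log format, thresholds and the sample hosts are all assumptions for illustration.

```python
import math
import re
from collections import defaultdict

# Constructed sample log lines in a BIND-style "client IP#port: query: NAME IN TYPE" format.
# Two hosts do ordinary lookups; 10.0.0.9 pulls six TXT records with hex-looking chunk labels.
SAMPLE_LOG = """\
client 10.0.0.5#53211: query: www.example.com IN A + (10.0.0.1)
client 10.0.0.5#53212: query: mail.example.com IN MX + (10.0.0.1)
client 10.0.0.7#50001: query: _dmarc.example.com IN TXT + (10.0.0.1)
client 10.0.0.7#50002: query: example.com IN TXT + (10.0.0.1)
client 10.0.0.9#41001: query: a3f9c1d2e4b5.chunk0.stash.example.net IN TXT + (10.0.0.1)
client 10.0.0.9#41002: query: 9b8e7d6c5a4f.chunk1.stash.example.net IN TXT + (10.0.0.1)
client 10.0.0.9#41003: query: 0f1e2d3c4b5a.chunk2.stash.example.net IN TXT + (10.0.0.1)
client 10.0.0.9#41004: query: 6a7b8c9d0e1f.chunk3.stash.example.net IN TXT + (10.0.0.1)
client 10.0.0.9#41005: query: 5e6f7a8b9c0d.chunk4.stash.example.net IN TXT + (10.0.0.1)
client 10.0.0.9#41006: query: 1a2b3c4d5e6f.chunk5.stash.example.net IN TXT + (10.0.0.1)
"""

LINE_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")


def shannon_entropy(s):
    """Bits of entropy per character; random-looking hex/base64 labels score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line):
    """Return (client_ip, qname, qtype) for a query-log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group("ip"), m.group("qname").rstrip(".").lower(), m.group("qtype").upper()


def looks_encoded(qname, min_len=10, min_entropy=3.0):
    """True if any label is long and high-entropy, i.e. looks like an encoded data chunk."""
    return any(len(label) >= min_len and shannon_entropy(label) >= min_entropy
               for label in qname.split("."))


def base_domain(qname):
    """Crude grouping key: the last two labels (assumption; a real tool would use the PSL)."""
    parts = qname.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else qname


def analyze(log_text, min_txt=5, min_ratio=0.5):
    """Flag (client, domain) pairs with many TXT queries, mostly carrying encoded-looking labels."""
    stats = defaultdict(lambda: [0, 0])  # (client, domain) -> [txt_queries, encoded_labels]
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, qname, qtype = parsed
        if qtype != "TXT":
            continue  # only TXT matters for this channel; SPF/DMARC lookups are handled below
        key = (ip, base_domain(qname))
        stats[key][0] += 1
        if looks_encoded(qname):
            stats[key][1] += 1
    findings = []
    for (ip, domain), (txt, enc) in sorted(stats.items()):
        if txt >= min_txt and enc / txt >= min_ratio:
            findings.append({"client": ip, "domain": domain,
                             "txt_queries": txt, "encoded_labels": enc})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['client']} fetched {f['txt_queries']} TXT records under {f['domain']} "
              f"({f['encoded_labels']} with encoded-looking labels)")
```

The point of the heuristic is the combination: a single odd TXT lookup is noise, and legitimate TXT traffic (SPF, DMARC, domain-verification records) has short, readable labels, so it stays below both thresholds. What trips the rule is a host walking through a series of chunk-like names, which is exactly the "innocuous-looking series of DNS requests" the Ars quote describes, and which only matters if that host is already compromised.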
Said differently, DNS isn’t the vulnerability – within a very narrow context, it’s a medium.
It reminds me of the Sitting Duck “vulnerability” scare (that about a hundred people forwarded to me) that framed DNS as somehow opening some kind of security hole when in fact the entire issue was just bad management and registrar complacency.
Running a Bitcoin, FinTech or other mission critical domain name? Get our white paper on what the real DNS based vulnerabilities are – Download Now »