A flaw in the DNS of Amazon and Google allowed hackers to sneak in through the company’s secret networking settings, leading to revelation of computer and employee identities alongside workplace location and open online pages.
The flaw has been recognised and taken care of by the companies.
The vulnerability, which was addressed in a Black Hat USA 2021 lecture last week, is part of a new class of vulnerabilities affecting major DNS-as-a-Service (DNSaaS) providers, according to specialists from cloud security firm Wiz.
Ami Luttwak, co-founder, CTO, at Wiz, claimed that the bug is still likely to spread across wider platforms even though it has been tackled on a temporary basis by the two concerned companies in this case.
According to Luttwak, the bug allows an adversary to undertake unparalleled reconnaissance on a target – specifically, any susceptible corporate network that allows this type of network eavesdropping accidently.
The vulnerability was discovered by Wiz, and it affected DNSaaS providers Amazon Route53 and Google Cloud DNS, both of which quickly corrected the flaw in February.