BitSquatting

Bitsquatting refers to the registration of a domain names one bit different than a popular domain. The name comes from typosquatting: the act of registering domain names one key press different than a popular domain. Bitsquatting frequently resolved domain names makes it possible to exploit computer hardware errors via DNS.

Overview

Computer hardware, especially RAM, can suffer from random errors that manifest as corruption of one or more bits. The causes of these errors range from manufacturing defects to environmental factors such as cosmic rays and overheating. While the probability of a single error is small, the total error amount in all RAM connected to the Internet is significant. Malicious attackers can exploit these random errors remotely.

Binary: 01100110 01100010 01101001 00101110 01100111 01101111 01110110
Domain name: f b i . g o v
Binary: 01100110 01100010 01111001 00101110 01100111 01101111 01110110
Domain name: f b y . g o v

Real case abuse

Tools

Name Description Language
bitsquat_dns conduct research in bitsquatting Python3
digbit Automatic domain generation for BitSquatting Python

Research

Mitigation

Pre-registration

Cyclic Redundancy Checks

ECC Memory

References

Bitsquatting: DNS Hijacking without exploitation

Blackhat - Bitsquatting - DNS Hijacking without Exploitation

DEF CON 19 - Bit-squatting: DNS Hijacking Without Exploitation

DEF CON 21 - Examining the Bitsquatting Attack Surface

Blackhat 2011 - Bit-squatting: DNS Hijacking without exploitation