How To Take Over Almost Every .mobi Site For $20

I’ll Take “WHOIS A Domain That Should Never Be Allowed To Expire” For $500, Alex.
It can be rather annoying when your domain is about to expire: dozens of registrars you’ve never heard of send emails demanding you re-register with them, sometimes claiming you already owe money because they registered the site for you. There are certs to deal with and, if you are lucky, DNS settings as well. The same is true of sites we depend on to be trustworthy, as they are used to verify the ownership of sites, the legitimacy of emails and even TLS or SSL certificates. If the ownership of one of those domains expires due to inattention or because the owners moved to a different domain, very bad things can happen.
This just happened with dotmobiregistry.net, which used to be the WHOIS authority for any .mobi site. .mobi is not so much an address you visit as a top-level domain used to indicate a site was optimized for mobile usage. The owners migrated the site to whois.nic.mobi and let ownership of the old site lapse. The problem is that a huge number of devices did not know that and continued to query the old site when verifying traffic.
This was noticed, thankfully, by a security researcher, who grabbed ownership of dotmobiregistry.net for $20. That meant that he could feed whatever information he felt like to the 2.5 million queries from about 135,000 unique systems he saw over the course of a few days. He could have generated fake TLS/SSL certificates, tracked emails and even tricked those systems into running code when they queried the site to verify traffic. This is officially known as a bad thing.
Thankfully he only used it to distribute ASCII art to systems querying the site, and has passed ownership on to a security company for safe keeping. This is not the first time something like this has happened and it certainly won’t be the last, so be safe out there.
The domain was once the official home of the authoritative WHOIS server for .mobi, a top-level domain used to indicate that a website is optimized for mobile devices. At some point—it’s not clear precisely when—this WHOIS server, which acts as the official directory for every domain ending in .mobi, was relocated, from whois.dotmobiregistry.net to whois.nic.mobi.
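For anyone wondering whether their own systems still point at the old host, here is a small audit script, added as an example and not taken from the researcher's work. It assumes WHOIS overrides live in a `<regex> <server>` text file in the style of whois.conf; the sample entries are constructed, and only the two hostnames come from the story above.

```python
import re

# Hostnames taken from the article: the retired WHOIS domain and its replacement.
RETIRED_DOMAIN = "dotmobiregistry.net"
CURRENT_SERVER = "whois.nic.mobi"

# Constructed sample in the "<regex> <server>" layout assumed for the override
# file; the entries are illustrative, not from a real system.
SAMPLE_CONFIG = r"""
# local WHOIS overrides (constructed sample)
\.mobi$        whois.dotmobiregistry.net
\.example$     whois.nic.example
\.(mobi|test)$ WHOIS.DotMobiRegistry.net.   # mixed case, trailing dot
\.mobi$        whois.nic.mobi
\.mobi$        whois.notdotmobiregistry.net # lookalike, different domain
"""

def under_retired_domain(host, retired=RETIRED_DOMAIN):
    """True if host is the retired domain or any name beneath it."""
    host = host.rstrip(".").lower()
    return host == retired or host.endswith("." + retired)

def audit(config_text, probe="example.mobi"):
    """Return (line_no, pattern, server, affects_probe) for each stale entry."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        fields = line.split()
        if len(fields) != 2:
            continue                          # not a "<regex> <server>" entry
        pattern, server = fields
        if not under_retired_domain(server):
            continue
        try:
            affects = re.search(pattern, probe, re.IGNORECASE) is not None
        except re.error:
            affects = False                   # unparseable pattern: still reported
        findings.append((line_no, pattern, server, affects))
    return findings

if __name__ == "__main__":
    for line_no, pattern, server, affects in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: {pattern} -> {server} "
              f"(used for .mobi lookups: {affects}); replace with {CURRENT_SERVER}")
```

The suffix check compares whole DNS labels, so a lookalike such as whois.notdotmobiregistry.net is not flagged while any subdomain of the lapsed domain is.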
More Tech News From Around The Web
- Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack @ The Register
- Ivanti fixes maximum severity RCE bug in Endpoint Management software @ Bleeping Computer
- Proposed underwater data center surprises regulators who hadn’t heard about it @ Ars Technica
- Microsoft fixes Windows Server performance issues from August updates @ Bleeping Computer
- The future everyone wanted – in-car ads tailored to your journey and passengers @ The Register
- Here is Why You Should Fully Populate Memory Channels on CPUs Featuring AMD EPYC Genoa @ ServeTheHome
- Apple owes billions in back taxes over Ireland state aid rule break @ The Register
- Former Samsung Execs Arrested For Using Stolen Tech To Build Chip Factory In China @ Slashdot
- Huawei’s $2,800 trifold phone is a real thing it wants people to hold and use @ Ars Technica
- First Neutrinos Detected At Fermilab Short-Baseline Detector @ Slashdot