TheStack.Technology published an interesting and troubling piece on security researchers figuring out how to take control over any .ai domain name they wanted. Luckily they did report their findings to the proper parties and patches were applied. Still an interesting read.
From the article:
A group of security researchers exploring how to hack domain registries ended up with the ability to gain “full control over any .ai domain.”
Sam Curry, Brett Buerhaus, Rhys Elsmore, and Shubham Shah, in a striking bit of research, also gained the ability to control the DNS zones of 19 other top-level domains (TLDs) they said in a June 12 report – including the .ly used by a domain shortener with over five million monthly users.
(The .ai top-level domain is widely used by AI startups, with over 170,000 registered users. The researchers could have pulled them offline – or abused this control creatively and maliciously in a great many ways.)