Severe Vulnerabilities Discovered in Software to Protect Internet Routing
A research team from the National Research Center for Applied Cybersecurity ATHENE led by Prof. Dr. Haya Schulmann has uncovered 18 vulnerabilities in crucial software components of Resource Public Key Infrastructure (RPKI). RPKI is an Internet standard meant to protect Internet traffic from being hijacked by hackers. By now, all affected vendors have provided patches for their products. The vulnerabilities could have had devastating consequences: Internet hijacks have already been exploited, e.g., for phishing passwords and other sensitive information, tricking certificate authorities into issuing fraudulent Web certificates, stealing cryptocurrency, distributing malware, and poisoning caches of DNS servers.

The ATHENE team, consisting of Prof. Dr. Haya Schulmann and Niklas Vogel, both from Goethe University of Frankfurt, Donika Mirdita from TU Darmstadt, and Prof. Dr. Michael Waidner from TU Darmstadt and Fraunhofer SIT, uncovered and disclosed 18 vulnerabilities. The National Vulnerability Database (NVD), operated by the US National Institute of Standards and Technology (NIST), assigned five Common Vulnerabilities and Exposures (CVE) entries to these vulnerabilities, some critical with a score of 9.3 out of 10. The team used a testing tool, CURE, which they developed specifically for this project and which ATHENE makes available free of charge to all developers of RPKI software. The researchers found vulnerabilities in all popular implementations of the validator component of RPKI. They range from crashes and violations of standard behavior to severe bugs that allow a network adversary to completely take over an RPKI certificate hierarchy in order to inject its own trust anchor – effectively being able to forge authentic and valid yet bogus routing information (i.e., BGP announcements). It is unknown whether any of the vulnerabilities were already exploited by hackers in the wild.
RPKI is a relatively new standard. Today, about 50% of the Internet’s network prefixes are covered by RPKI certificates, and 37.8% of all Internet domains validate RPKI certificates. In particular, many large providers and operators support RPKI, e.g., Amazon Web Services, Cogent, Deutsche Telekom, Level 3, and Zayo.
The research work was carried out in the ATHENE research area Analytic Based Cybersecurity (ABC) (more information at https://abc.athene-center.de/en/ ) and appeared at the 2024 Network and Distributed System Security (NDSS) Symposium in San Diego, California, USA. The research paper can be downloaded from https://www.ndss-symposium.org/ndss-paper/the-cure-to-vulnerabilities-in-rpki-validation/. The testing tool CURE developed and used by the researchers to uncover the vulnerabilities can be downloaded from https://github.com/rp-cure/rp-cure.
Contacts
Mrs. Cornelia Reitz
cornelia.reitz@athene-center.de

About us
The National Research Center for Applied Cybersecurity ATHENE is a research center of the Fraunhofer Society that brings together the Fraunhofer Institutes for Secure Information Technology (SIT) and for Computer Graphics Research (IGD), Technische Universität Darmstadt, Goethe-Universität Frankfurt am Main, and Darmstadt University of Applied Sciences. With more than 600 scientists, ATHENE is Europe's most prominent cybersecurity research center and Germany’s leading scientific research institution in this domain. ATHENE is supported by the German Federal Ministry of Education and Research (BMBF) and the Hessian Ministry for Higher Education, Research, Science and the Arts (HMWK). Further information about ATHENE can be found at https://www.athene-center.de/en/.