Severe Vulnerabilities Discovered in Software to Protect Internet Routing
A research team from the National Research Center for Applied Cybersecurity ATHENE led by Prof. Dr. Haya Schulmann has uncovered 18 vulnerabilities in crucial software components of Resource Public Key Infrastructure (RPKI). RPKI is an Internet standard meant to protect Internet traffic from being hijacked by hackers. By now, all affected vendors have provided patches for their products. The vulnerabilities could have had devastating consequences: Internet hijacks have already been exploited, e.g., for phishing passwords and other sensitive information, tricking certificate authorities into issuing fraudulent Web certificates, stealing cryptocurrency, distributing malware, and poisoning caches of DNS servers.

The ATHENE team, consisting of Prof. Dr. Haya Schulmann and Niklas Vogel, both from Goethe University of Frankfurt, Donika Mirdita from TU Darmstadt, and Prof. Dr. Michael Waidner from TU Darmstadt and Fraunhofer SIT, uncovered and disclosed 18 vulnerabilities. The National Vulnerability Database (NVD), operated by the US National Institute of Standards and Technology (NIST), assigned five Common Vulnerabilities and Exposures (CVE) entries to these vulnerabilities, some critical with a score of 9.3 out of 10. The team used a testing tool, CURE, which they developed specifically for this project and which ATHENE makes available free of charge to all developers of RPKI software. The researchers found vulnerabilities in all popular implementations of the validator component of RPKI. They range from crashes and violations of standard behavior to severe bugs that allow a network adversary to completely take over an RPKI certificate hierarchy in order to inject its own trust anchor – effectively being able to forge authentic and valid yet bogus routing information (i.e., BGP announcements). It is unknown whether any of the vulnerabilities were already exploited by hackers in the wild.
RPKI is a relatively new standard. Today, about 50% of the Internet’s network prefixes are covered by RPKI certificates, and 37.8% of all Internet domains validate RPKI certificates. In particular, many large providers and operators support RPKI, e.g., Amazon Web Services, Cogent, Deutsche Telekom, Level 3, and Zayo.
The research work was carried out in the ATHENE research area Analytic Based Cybersecurity (ABC) (more information at https://abc.athene-center.de/en/ ) and appeared at the 2024 Network and Distributed System Security (NDSS) Symposium in San Diego, California, USA. The research paper can be downloaded from https://www.ndss-symposium.org/ndss-paper/the-cure-to-vulnerabilities-in-rpki-validation/. The testing tool CURE developed and used by the researchers to uncover the vulnerabilities can be downloaded from https://github.com/rp-cure/rp-cure.
Contacts
Mrs. Cornelia Reitz
cornelia.reitz@athene-center.de
About us
The National Research Center for Applied Cybersecurity ATHENE is a research center of the Fraunhofer Society that brings together the Fraunhofer Institutes for Secure Information Technology (SIT) and for Computer Graphics Research (IGD), Technische Universität Darmstadt, Goethe-Universität Frankfurt am Main, and Darmstadt University of Applied Sciences. With more than 600 scientists, ATHENE is Europe's most prominent cybersecurity research center and Germany’s leading scientific research institution in this domain. ATHENE is supported by the German Federal Ministry of Education and Research (BMBF) and the Hessian Ministry for Higher Education, Research, Science and the Arts (HMWK). Further information about ATHENE can be found at https://www.athene-center.de/en/.