AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

KeyTrap: DNSSEC flaw discovered by researchers

The vulnerability puts the stability of DNSSEC at risk

A vulnerability, called KeyTrap, has been discovered in the DNSSEC authentication system, potentially causing disruptions to DNS service. Safety solutions have been implemented to prevent damage.

This pill is also available in Italian language

Recently, a vulnerability was discovered in the security extensions of the Domain Name System, known as DNSSEC. The malfunction, reported with the acronym CVE-2023-50387 and nicknamed KeyTrap, affects the DNS response authentication system, which for two decades appeared ineffective against certain threats. Potential attackers, by manipulating a single packet sent to a DNS server, could disrupt a persistent denial of service (DoS), with serious consequences for Internet access. Corrective solutions have been adopted by network giants such as Google and Cloudflare.

The DoS attack and its repercussions on the network

The exploit designated KeyTrap exploits a flaw in the DNSSEC implementation, causing a time dilation in the management of cryptographic keys and signatures. The result is a disproportionate increase in the load on the server's CPU, which results in an interruption of the DNS service. This disruption should neither be underestimated nor seen in small: it can extend beyond internet browsing, including email and messaging services, with the possibility of having a negative impact on a large scale, affecting a large global audience.

Akamai fixes KeyTrap flaw

In relation to the KeyTrap flaw, Akamai proactively developed defense measures, which were implemented between December 2023 and February 2024. These include the refinement of recursive DNS resolvers and other cloud solutions. Given the magnitude of the risk, the underlying flaw in DNSSEC may require much more extensive design work, possibly involving a general overhaul of the protocol structure.

Vulnerability tips and statistics from Akamai

Akamai, in its latest communication, estimates that a significant share of users - 35% in the USA and 30% internationally - rely on DNS resolvers with DNSSEC validation and are therefore at risk. The company urges users to check for and apply security updates provided by their respective providers. Fortunately, the careful cooperation of the online community prevented its propagation and significantly mitigated the possible damage of what could have resulted in a malicious exploit.

Follow us on Instagram for more pills like this

02/21/2024 13:02

Marco Verro

Last pills

Italy's success in cybersecurityHow Italy achieved excellence in global cybersecurity: strategies, collaborations, and international successes

IntelBroker alleged breach of Deloitte systemsServer exposed: how Deloitte's security may have been compromised by a cyber attack

Vo1d infections on Android TV boxes: how to protect your devicesLearn the essential measures to protect your Android TV boxes from the dreaded Vo1d malware and keep your devices safe from cyber threats

Hacker attack in Lebanon: Hezbollah under fireTechnological shock and injuries: cyber warfare hits Hezbollah in Lebanon