
KeyTrap: DNSSEC flaw discovered by researchers

The vulnerability puts the stability of DNSSEC at risk

A vulnerability called KeyTrap has been discovered in the DNSSEC authentication system and could disrupt DNS service. Mitigations have been implemented to prevent damage.


A vulnerability was recently discovered in DNSSEC, the security extensions of the Domain Name System. The flaw, tracked as CVE-2023-50387 and nicknamed KeyTrap, affects the DNS response authentication system, which for two decades appeared ineffective against certain threats. By manipulating a single packet sent to a DNS server, an attacker could cause a persistent denial of service (DoS), with serious consequences for Internet access. Fixes have been adopted by network giants such as Google and Cloudflare.

The DoS attack and its repercussions on the network

KeyTrap exploits a flaw in the DNSSEC implementation that greatly lengthens the time spent handling cryptographic keys and signatures. The result is a disproportionate increase in the load on the server's CPU, which interrupts the DNS service. This disruption should not be underestimated or dismissed as minor: it can extend beyond web browsing to email and messaging services, with a possible large-scale negative impact on a global audience.

Akamai fixes KeyTrap flaw

In response to the KeyTrap flaw, Akamai proactively developed defensive measures, which were implemented between December 2023 and February 2024. These include refinements to recursive DNS resolvers and other cloud solutions. Given the magnitude of the risk, the underlying flaw in DNSSEC may require much more extensive design work, possibly involving a general overhaul of the protocol structure.

Vulnerability tips and statistics from Akamai

In its latest communication, Akamai estimates that a significant share of users (35% in the USA and 30% internationally) rely on DNS resolvers with DNSSEC validation and are therefore at risk. The company urges users to check for and apply security updates provided by their respective providers. Fortunately, close cooperation across the online community prevented its spread and significantly limited the potential damage of what could have become a malicious exploit.
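To find out whether a resolver you depend on performs DNSSEC validation, and so falls within the scope of these updates, the following added example (not from Akamai or the original article) sends a query with the EDNS0 DO bit set and reads the AD flag in the reply. It assumes an IPv4 resolver reachable over UDP port 53 and a query name you know to be in a DNSSEC-signed zone; the function names and sample headers are constructed for illustration.

```python
import socket
import struct

TXID = 0x4B54  # arbitrary transaction id chosen for this example

def build_query(name, qtype=1, txid=TXID):
    """Build an A query with RD=1 and an EDNS0 OPT record whose DO bit is set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root owner, type 41, class = UDP size, TTL flags with DO (0x8000), empty RDATA
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + question + opt

def classify_response(packet, txid=TXID):
    """Return 'validating', 'servfail' or 'not-validating' from the DNS header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    if rcode == 2:
        return "servfail"
    # AD (0x0020) is set when the resolver path validated the answer's signatures
    if rcode == 0 and ancount > 0 and flags & 0x0020:
        return "validating"
    return "not-validating"

def check_resolver(resolver_ip, signed_name, timeout=3.0):
    """Send the query over UDP/53; signed_name must be in a DNSSEC-signed zone."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(signed_name), (resolver_ip, 53))
        data, _ = s.recvfrom(4096)
    return classify_response(data)

# Constructed sample headers (not captured traffic): QR|RD|RA with and without AD
SAMPLE_VALIDATED = struct.pack("!HHHHHH", TXID, 0x81A0, 1, 1, 0, 1)
SAMPLE_UNVALIDATED = struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 1)
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", TXID, 0x8182, 1, 0, 0, 1)

if __name__ == "__main__":
    for sample in (SAMPLE_VALIDATED, SAMPLE_UNVALIDATED, SAMPLE_SERVFAIL):
        print(classify_response(sample))
```

A "validating" result means DNSSEC validation happens somewhere on that resolver path, possibly at an upstream forwarder, so that is where the vendor's security update status should be confirmed.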


02/21/2024 13:02

Editorial AI
