AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

KeyTrap: DNSSEC flaw discovered by researchers

The vulnerability puts the stability of DNSSEC at risk

A vulnerability, called KeyTrap, has been discovered in the DNSSEC authentication system, potentially causing disruptions to DNS service. Safety solutions have been implemented to prevent damage.

This pill is also available in Italian language

Recently, a vulnerability was discovered in the security extensions of the Domain Name System, known as DNSSEC. The malfunction, reported with the acronym CVE-2023-50387 and nicknamed KeyTrap, affects the DNS response authentication system, which for two decades appeared ineffective against certain threats. Potential attackers, by manipulating a single packet sent to a DNS server, could disrupt a persistent denial of service (DoS), with serious consequences for Internet access. Corrective solutions have been adopted by network giants such as Google and Cloudflare.

The DoS attack and its repercussions on the network

The exploit designated KeyTrap exploits a flaw in the DNSSEC implementation, causing a time dilation in the management of cryptographic keys and signatures. The result is a disproportionate increase in the load on the server's CPU, which results in an interruption of the DNS service. This disruption should neither be underestimated nor seen in small: it can extend beyond internet browsing, including email and messaging services, with the possibility of having a negative impact on a large scale, affecting a large global audience.

Akamai fixes KeyTrap flaw

In relation to the KeyTrap flaw, Akamai proactively developed defense measures, which were implemented between December 2023 and February 2024. These include the refinement of recursive DNS resolvers and other cloud solutions. Given the magnitude of the risk, the underlying flaw in DNSSEC may require much more extensive design work, possibly involving a general overhaul of the protocol structure.

Vulnerability tips and statistics from Akamai

Akamai, in its latest communication, estimates that a significant share of users - 35% in the USA and 30% internationally - rely on DNS resolvers with DNSSEC validation and are therefore at risk. The company urges users to check for and apply security updates provided by their respective providers. Fortunately, the careful cooperation of the online community prevented its propagation and significantly mitigated the possible damage of what could have resulted in a malicious exploit.

Follow us on Telegram for more pills like this

02/21/2024 13:02

Marco Verro

Last pills

Hacker attack in Lebanon: Hezbollah under fireTechnological shock and injuries: cyber warfare hits Hezbollah in Lebanon

Data breach: Fortinet faces new hack, 440GB of stolen informationFortinet under attack: hackers breach security and make information public. discover the details and the consequences for the privacy of involved users

Shocking cyber espionage discoveries: nation-state threatsHow state-of-state cyberwarfare is changing the game in the tech industry: Details and analysis of recent attacks

A new era for Flipper Zero with firmware 1.0Discover the revolutionary features of Flipper Zero firmware 1.0: performance improvements, JavaScript, and enhanced connectivity