As of: February 21, 2024, 10:09 a.m
By: Claudia Kabel
Comments
Press
Split
Researchers at the Athene Center for Cybersecurity in southern Hesse uncover critical errors on the Internet - putting more than a billion users at risk.
Darmstadt – The Internet was in danger of being disrupted on a large scale by hackers, and no one noticed – until now.
Experts at the National Research Center for Applied Cybersecurity Athene in Darmstadt have uncovered a critical flaw in the basic structure of the Internet that could have had devastating consequences.
“With this vulnerability, hackers could have cut off a large proportion of Internet users worldwide from the Internet with very little effort,” says Michael Waidner, director of the Athene Center, when asked by the Frankfurter Rundschau.
Akamai, one of the largest internet service providers, estimates that a total of more than a billion users would have been affected.
Applications from software manufacturers such as Microsoft and various open source software, but also providers such as Google or Cloudflare, are at risk.
Exploiting this vulnerability would have serious consequences for any application that uses the Internet, as well as making technologies such as web browsers, email and instant messaging unavailable.
Hackers could have paralyzed much of the Internet.
© Athena
The researchers from Darmstadt and Frankfurt discovered the security gap within the security extension of the DNS (Domain Name System).
DNS is a type of telephone directory information within the Internet that ensures that the correct computer is reached via an Internet address, known as a URL.
Cyber research in Darmstadt: Vulnerability has existed for a long time
“With just a single DNS packet, hackers could cripple all common DNS implementations and public DNS providers,” said the experts, who call the new attack class “KeyTrap”.
Athene: Cyber research in Darmstadt
The National Research Center
for Applied Cybersecurity Athene is based in Darmstadt.
With more than 600
scientists, it is the largest cybersecurity research center in Europe.
The Fraunhofer Institutes for Secure Information Technology (SIT) and for Graphical Data Processing (IGD), TU Darmstadt, Goethe University Frankfurt and Darmstadt University of Applied Sciences
work together there .
(cka)
The vulnerability was only discovered now, but it has existed for a long time.
The team, consisting of Haya Schulmann and Niklas Vogel, both from Goethe University Frankfurt, Elias Heftrig from Fraunhofer SIT and Michael Waidner from the Technical University of Darmstadt and Fraunhofer SIT, was able to use code analysis to identify the vulnerability in early software versions in 2000 trace back.
The fact that no one has noticed it so far is because it can only be recognized with a lot of knowledge and experience.
“It's not just a programming error where someone forgot something small, but rather the error is spread across a whole range of requirements,” says Waidner.
Only when you look at everything together do you see the problem.
My news
2 hours ago
When the number of murdered Jews is shown on the film screen, students applaud - the public prosecutor's office is investigating
Student poisoned with liquid – rescue helicopter has to fly him to the clinic
“Never ride the night train again”: Woman robbed on the way from Italy to Austria read
Farmers block large Edeka and Lidl warehouses - activists present catalog of demands
39 mins ago
Major raid against suspected smuggling gangs
Return to Germany: Jürgen Klopp is building a new house reading here
Fraunhofer SIT building in which the Athene office is located in Darmstadt.
© Fraunhofer
Science Minister Gremmel praises the Athene Research Center
Since the security gap still exists, organizations that operate a vulnerable DNS server are now called upon to take countermeasures and protect their systems by patching them.
All manufacturers have provided these.
According to Waidmann, this affects almost a third of all DNS servers worldwide.
Since the vulnerabilities became known, the team has worked with all major vendors to mitigate the problem, but it can only be completely eliminated if the underlying approach is reconsidered.
The Hessian Science Minister Timon Gremmels (SPD) praised the success of Athene: “Cyber security is one of the biggest challenges for successful digital transformation.”
Athene has shown how quickly and to what extent research funding can bring profits.
The research center is an enormous location advantage for Hesse.
(Claudia Cable)