National Research Center for Applied Cybersecurity ATHENE: Severe Vulnerabilities Discovered in Software to Protect Internet Routing
12.4.2024 08:49:14 CEST | news aktuell GmbH | Press release
A research team from the National Research Center for Applied Cybersecurity ATHENE led by Prof. Dr. Haya Schulmann has uncovered 18 vulnerabilities in crucial software components of Resource Public Key Infrastructure (RPKI). RPKI is an Internet standard meant to protect Internet traffic from being hijacked by hackers. By now, all affected vendors provided patches for their products. The vulnerabilities could have had devastating consequences: Internet hijacks have already been exploited, e.g., for phishing passwords and other sensitive information, tricking certificate authorities into issuing fraudulent Web certificates, stealing cryptocurrency, distributing malware, and poisoning caches of DNS servers.

Frankfurt and Darmstadt, April 2024
The ATHENE team consisting of Prof. Dr. Haya Schulmann and Niklas Vogel, both from Goethe University of Frankfurt, Donika Mirdita from TU Darmstadt, and Prof. Dr. Michael Waidner from TU Darmstadt and Fraunhofer SIT uncovered and disclosed 18 vulnerabilities. The National Vulnerability Database (NVD), operated by the US National Institute of Standards and Technology (NIST), assigned five Common Vulnerabilities and Exposures (CVE) entries to these vulnerabilities, some critical with a score of 9.3 out of 10. The team used a testing tool, CURE, which they developed specifically for this project and which ATHENE makes available free of charge to all developers of RPKI software. The researchers found vulnerabilities in all popular implementations of the validator component of RPKI. They range between crashes, violation of standard behavior, and even severe bugs that allow a network adversary to completely take over an RPKI certificate hierarchy in order to inject its own trust anchor – effectively being able to forge authentic and valid yet bogus routing information (i.e., BGP announcements). It is unknown whether any of the vulnerabilities were already exploited by hackers in the wild.
RPKI is a relatively new standard. Today, about 50% of the Internet’s network prefixes are covered by RPKI certificates, and 37.8% of all Internet domains validate RPKI certificates. In particular, many large providers and operators support RPKI, e.g., Amazon Web Services, Cogent, Deutsche Telekom, Level 3, and Zayo.
The research work was carried out in the ATHENE research area Analytic Based Cybersecurity (ABC) (more information at https://abc.athene-center.de/en/ ) and appeared at the 2024 Network and Distributed System Security (NDSS) Symposium in San Diego, California, USA. The research paper can be downloaded from https://www.ndss-symposium.org/ndss-paper/the-cure-to-vulnerabilities-in-rpki-validation/. The testing tool CURE developed and used by the researchers to uncover the vulnerabilities can be downloaded from https://github.com/rp-cure/rp-cure.
The National Research Center for Applied Cybersecurity ATHENE is a research center of the Fraunhofer Society that brings together the Fraunhofer Institutes for Secure Information Technology (SIT) and for Computer Graphics Research (IGD), Technische Universität Darmstadt, Goethe-Universität Frankfurt am Main, and Darmstadt University of Applied Sciences. With more than 600 scientists, ATHENE is Europe's most prominent cybersecurity research center and Germany’s leading scientific research institution in this domain. ATHENE is supported by the German Federal Ministry of Education and Research (BMBF) and the Hessian Ministry for Higher Education, Research, Science and the Arts (HMWK). Further information about ATHENE can be found at https://www.athene-center.de/en/.
Press Contact: Mrs. Cornelia Reitz, cornelia.reitz@athene-center.de
Subscribe to releases from news aktuell GmbH
Subscribe to all the latest releases from news aktuell GmbH by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from news aktuell GmbH
FEV collaborates with Microsoft on efficient AI model approach for in car applications built on NVIDIA9.7.2026 11:05:00 CEST | Press release
Aachen – FEV is collaborating with Microsoft to integrate powerful, in-vehicle Generative AI capabilities built on NVIDIA GPU-accelerated compute and AI model microservices. The cooperation aims to enable multimodal voice, text, and gesture interactions directly in the vehicle – independent of a permanent Internet connection.
Acrobat Studio og Acrobat KI-assistent: den nye generasjonen KI-støttet produktivitet – nå også på norsk8.7.2026 15:08:48 CEST | Press release
SAN JOSE, Calif. - 8. juli 2026 - Adobe utvider tilgjengeligheten til Acrobat Studio og Acrobat KI-assistenten i Norge. Nå er de KI-støttede funksjonene for produktivitet og kreavtivitet også tilgjengelige på norsk, og kan dermed brukes av brukere på lokalt språk. Acrobat Studio kombinerer Adobe Acrobat Pro, Adobe Express Premium og smarte KI-assistenter. Acrobat KI-assistent er også tilgjengelig som et separat tillegg for alle Adobe Acrobat-produkter (Acrobat Reader, Acrobat Standard og Acrobat Pro) – et fleksibelt alternativ for alle som ønsker å bruke KI-støttede funksjoner kun når de arbeider med dokumenter. Begge disse tilbudene gjør det mulig for brukere å raskere samle inn informasjon i PDF-er og Office-dokumenter, opprette innhold og effektivisere arbeidsflyten. Acrobat Studio og Acrobat KI-assistenten markerer et viktig trinn i utviklingen av PDF-filen, som har blitt standarden for viktige dokumenter siden den ble lansert av Adobe i 1993. Acrobat utvikler seg fra et ledende pr
Grünenthal receives FDA Orphan Drug and Rare Pediatric Disease Designations for Tegacorat for the Treatment of Duchenne Muscular Dystrophy8.7.2026 10:37:04 CEST | Press release
Aachen, 08 July 2026 – Grünenthal announced today that its investigational compound tegacorat (GRM-01) received Orphan Drug and Rare Pediatric Disease Designations from the US Food and Drug Administration (FDA) for the treatment of Duchenne muscular dystrophy (DMD).
Grünenthal successfully completes Phase I trial with Nociceptin Receptor (NOP) Agonist29.6.2026 12:28:23 CEST | Press release
The investigational compound has a unique mechanism of action and the potential to become a first-in-class therapy option for the treatment of acute and chronic pain. In a Phase I trial, the investigational compound was demonstrated to be safe and well tolerated. A Phase II trial will commence later this year.
FRITZ: YouGov survey in 14 countries: Trust in router manufacturers from different regions European consumers mistrust Chinese routers29.6.2026 10:00:00 CEST | Press release
More than half of consumers in Norway mistrust routers from Chinese manufacturers (59%) Many mistrust devices made in the USA European routers enjoy a high level of trust across Europe (60%) For half of Europeans (55%), the ‘Made in Europe’ label important to when making a purchase
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom