A presentation at next month’s Black Hat USA conference will shed light on a class of vulnerabilities that have gone largely unnoticed in the cybersecurity industry. Researchers from Forescout will argue that flaws in Border Gateway Protocol (BGP) implementations have flown under the radar despite the significant focus on cybersecurity.
BGP is a critical technology that manages the transmission of data packets between networks, making it essential to the functioning of the internet. Its importance has attracted attention from state-level actors, the security community, and three-letter agencies. However, the focus has primarily been on the protocol itself, and vulnerabilities in BGP software implementations have received less scrutiny.
Forescout researcher Daniel dos Santos warns that deep dives into specific aspects of technology may lead to blind spots. BGP, like any protocol, requires software implementations that can run on routers. This software is prone to vulnerabilities, yet the last comprehensive analysis of BGP software vulnerabilities took place two decades ago at Black Hat.
In a study conducted by dos Santos and his colleagues, they analyzed seven BGP implementations, including both open-source and proprietary software. Using automated analysis, known as fuzzing, they discovered three new vulnerabilities. These vulnerabilities were assigned “medium” CVSS scores and were found in the latest version of FRRouting, a popular networking solution used by organizations like PayPal, AthenaHealth, and Qualcomm.
The vulnerabilities centered around message parsing. Instead of first checking whether the sender was authorized, FRRouting parsed the message before that verification took place. This flaw allowed attackers to carry out denial-of-service attacks by sending malformed packets, rendering the victim unresponsive. FRRouting has since patched all three vulnerabilities.
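As an added illustration (not code from Forescout's research or from FRRouting), a minimal BGP OPEN parser in Python that applies the two defensive rules the bug class implies: refuse messages from unconfigured peers before any bytes are parsed, and bounds-check every declared length so a malformed optional-parameter length is rejected rather than read past the end of the buffer. The field layout follows RFC 4271; the peer allow-list, AS numbers and addresses are constructed sample values.

```python
import struct

BGP_MARKER = b"\xff" * 16
BGP_HEADER_LEN = 19   # marker(16) + length(2) + type(1)
BGP_OPEN = 1
OPEN_FIXED_LEN = 10   # version(1) + my AS(2) + hold time(2) + BGP id(4) + opt param len(1)

class BgpParseError(ValueError):
    pass

def parse_open(raw: bytes, src_ip: str, allowed_peers: set) -> dict:
    """Parse a BGP OPEN from src_ip, refusing unconfigured peers before touching the body."""
    # 1. Authorization first: bytes from an unknown source are never parsed.
    if src_ip not in allowed_peers:
        raise BgpParseError(f"unconfigured peer {src_ip}")
    # 2. Header checks (RFC 4271, section 4.1).
    if len(raw) < BGP_HEADER_LEN or raw[:16] != BGP_MARKER:
        raise BgpParseError("bad marker or truncated header")
    length, msg_type = struct.unpack("!HB", raw[16:19])
    if (msg_type != BGP_OPEN or length != len(raw)
            or length < BGP_HEADER_LEN + OPEN_FIXED_LEN):
        raise BgpParseError("bad type or length")
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack("!BHHIB", raw[19:29])
    # 3. Every declared length must fit inside the message before it is used.
    if 29 + opt_len != length:
        raise BgpParseError("optional parameter length does not match message length")
    params, pos, end = [], 29, 29 + opt_len
    while pos < end:
        if pos + 2 > end:
            raise BgpParseError("truncated optional parameter header")
        ptype, plen = raw[pos], raw[pos + 1]
        if pos + 2 + plen > end:
            raise BgpParseError("optional parameter overruns message")
        params.append((ptype, raw[pos + 2:pos + 2 + plen]))
        pos += 2 + plen
    return {"version": version, "as": my_as, "hold_time": hold_time,
            "bgp_id": bgp_id, "params": params}

def build_open(my_as=65001, hold_time=90, bgp_id=0x0A000001, params=b"") -> bytes:
    """Constructed helper: build a well-formed OPEN so the checks can be exercised."""
    body = struct.pack("!BHHIB", 4, my_as, hold_time, bgp_id, len(params)) + params
    return BGP_MARKER + struct.pack("!HB", BGP_HEADER_LEN + len(body), BGP_OPEN) + body
```

Overwriting the optional-parameter length byte of a valid OPEN with 0xff makes parse_open fail at step 3 instead of reading beyond the message, and a message from an address outside allowed_peers is refused at step 1 without any parsing.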
The profile of organizations relying on BGP has expanded in recent years. While it was primarily used by internet service providers and internet exchange points, the growth of data centers has led to its adoption for internal routing purposes by organizations. Over 317,000 internet hosts have BGP enabled, with China and the US having the highest concentration. Only around 2,000 hosts run FRRouting, and approximately 630 respond to malformed BGP OPEN messages.
To mitigate future risks associated with BGP software implementations, dos Santos recommends that organizations maintain an inventory of devices and software running on their networks while prioritizing prompt patching. He emphasizes that organizations have a larger attack surface than they realize and must pay sufficient attention to securing IoT devices, operational technology, and network infrastructure, including BGP.
The upcoming presentation at Black Hat USA will draw attention to the vulnerabilities in BGP software implementations that have been overlooked in the cybersecurity industry. By raising awareness of these flaws, the industry can work towards strengthening the security and integrity of BGP, a critical component of the internet’s infrastructure.
