
Private Cryptokey Sharing Rises Fast

Posted: September 7, 2016

SEC Consult recently published a research report indicating that the number of internet-connected devices, including gateways, modems, routers and various embedded devices, that share known private keys for HTTPS server certificates is growing rapidly. The figure is up a sizable 40 percent compared to November, when SEC Consult first took stock of the issue.

The report is a joint effort that included 50 different equipment vendors and a large number of internet service providers. According to SEC Consult, the number of devices sharing private cryptokeys went from 3.2 million as of late 2015 to around 4.5 million. The infosec company explains this increase with a number of factors. One would be that vendors are often unable to make patches for security loopholes, especially when it comes to legacy or end-of-life products. Even when such patches are made, embedded systems rarely get them. Other factors seem to be sub-par WAN firewalling and the growing number of Internet-of-Things devices.

The new report largely mirrors the findings of the research published in late 2015. Back then, SEC Consult found 600 private keys that were distributed among the 4,000 devices monitored. The new round of testing and research found over 300 certificates, their private keys included, and over 500 separate private keys. Existing problems resurfaced in the new tests. Over 750,000 devices still use certain old Broadcom SDL and Texas Instruments certificates. Problems with certificates paired with private keys were found with some Alcatel-Lucent firmware as well.

This particular instance of firmware with a problematic private key was found on nearly 50,000 devices connected to the web and could potentially allow bad actors to execute various man-in-the-middle attacks, including HTTPS decryption and installation of rogue access points.

SEC Consult's report is not all doom and gloom, but even the positive trends outlined in it likely stem from further problems. One example is the 62% drop in devices manufactured by Ubiquiti Networks that are using insecure SSH keys and certificates. According to SEC Consult, the significant drop was likely caused by large-scale botnet attacks that in turn forced many customers to firewall those devices.

The actions SEC Consult prescribes are largely unchanged. The chief way to combat the issue is making sure each separate device uses unique and random cryptokeys. Another recommendation is that ISPs disable remote access to Common Platform Enumerations through WAN. The report closes with the sobering conclusion that any methodical and determined hacker can repeat the steps the infosec company took and gain access to the private keys that these devices leave floating freely.
