Widespread reuse of HTTPS certificates and SSH keys is undermining the security of thousands of embedded devices including internet gateways, routers, modems, IP cameras and VoIP phones.
Stefan Viehböck, senior security consultant at SEC Consult who conducted the study, he was particularly interested in analysing the cryptographic keys – public keys, private keys and certificates – in firmware images.
He looked at 4000 devices from 70 vendors and found that the most common uses for static keys was SSH host keys for operating an SSH server and X.509 certificates for HTTPS.
He was able to identify matching certificates on different devices by correlating the modulus and found 580 unique private keys.
He said his dataset contains the private keys for more than nine percent of all HTTPS hosts on the web, which works out to 150 server certificates used by 3.2 million hosts. His dataset also contains the private keys for more than six percent of all SSH hosts on the web, which works out to 80 SSH host keys used by 900,000 hosts.
The static keys are “baked”, or hard-coded, in the firmware to provide HTTPS and SSH access to the device.
Viehböck speculates that in many cases, vendors have borrowed code from other vendors through software development kits (SDKs), but it can also be a result of leaked or stolen code or white-label OEM products.
He warns that many ISPs are deliberately setting their customers' products to be accessible from the web for remote management. He notes that some vendors are also enabling remote management by default.
This leaves users open to man-in-the-middle and passive decryption attacks, although he notes that an attacker would have to be in a position to intercept the communications to and from the device.
SEC Consult has worked with CERT/CC to inform affected vendors since August, Viehböck said. A detailed vulnerability note can be found at kb.cert.org/vuls/id/566724.
Sundaram Lakshmanan, VP of technology at CipherCloud, commented: “This exploit exemplifies a common problem in technology where the cryptography underneath is solid but the implementation at scale leaves the gates wide open. This flaw also affects IoT devices, which presents an even bigger problem. Internet-enabled devices have a much smaller footprint and has to store both hardware and software, so authentication and key rotation are harder to implement. At the same time, most of these devices cannot take remote patches, which can create a nightmare scenario when it comes to fixing flaws.”