900 Embedded Devices Share Hard-Coded Certs, SSH Host Keys
Posted by timothy on Thursday November 26, 2015 @03:00PM from the
same-assembly-line dept.
An anonymous reader writes:
Embedded devices of some 50 manufacturers have been found sharing the
same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact
that can be exploited by a remote, unauthenticated attacker to carry out
impersonation, man-in-the-middle, or passive decryption attacks
<http://www.net-security.org/secworld.php?id=19159>.
SEC Consult has analyzed firmware images of more than 4000 embedded
devices of over 70 vendors - firmware of routers, IP cameras, VoIP
phones, modems, etc. - and found that, in some cases, there are nearly
half a million devices on the web using the same certificate.
http://hardware.slashdot.org/story/15/11/26/1541216/900-embedded-devices-share-hard-coded-certs-ssh-host-keys