Let’s say you’re a manufacturer of embedded device, maybe routers or wireless access points. Cool. And let’s also say that you want to offer encrypted connections to those devices. Great. So you grab a server certificate online, throw it in the device’s firmware and ship it. Not cool at all.
But that’s what a number of device vendors are doing, repeating the same mistake over and over again by using known server certificates and SSH host keys in their devices. That opens their users up to a wide variety of attacks that can intercept and decrypt the supposedly secret information they’re transmitting. Researchers at SEC Consult first disclosed the problem last fall, when they discovered 3.2 million devices using known HTTPS server keys. In the months since then, the problem has gotten significantly worse, with 4.5 million devices using known keys now.
“There are many explanations for this development. The inability of vendors to provide patches for security vulnerabilities including but not limited to legacy/EoL products might be a significant factor, but even when patches are available, embedded systems are rarely patched. Insufficient firewalling of devices on the WAN side (by users, but also ISPs in case of ISP-supplied customer premises equipment, CPE) and the trend of IoT-enabled products are surely a factor as well,” Stefan Viehböck of SEC Consult said in a post explaining the results this week.
The company has released several hundred of the server certificates and private keys, along with more than 500 separate private keys. There are a number of vendors affected by the problem, including Ubiquiti, Aruba, Cisco, Sierra Networks, and many others. One of the certificates found in the scan is used in more than 500,000 devices. That certificate is in a Broadcom SDK that’s used in devices from many vendors.
The security of embedded devices is notoriously poor. Earlier this week, researchers in the Czech Republic published details of a large network of compromised embedded devices that includes security cameras, DVRs, and other devices. SEC Consult recommends that vendors use unique random keys for every device and that end users change SSH host keys and certificates to specific ones for each device, although that’s not always possible on embedded devices.
Viehböck said the company decided to publish the data as a way for researchers to replicate their work, even though publicizing the certificates and keys can give attackers a head start.
“The data we are publishing allows researchers to reproduce the results of our study, find more cases or cryptographic key reuse, attribute cryptographic keys to specific vendors/products, but also to develop tools for detecting and exploiting this vulnerability class in the course of penetration tests. Releasing the private keys is not something we take lightly as it allows global adversaries to exploit this vulnerability class on a large scale. However we think that any determined attacker can repeat our research and get the private keys from publicly available firmware with ease,” Viehböck said.