Getting encryption right can be hard. But even basic mistakes continue to be made, as proven by Austrian researchers who claimed to have uncovered the same vulnerability in nine per cent of all devices running over HTTPS encrypted lines.
The researchers, from SEC Consult, analyzed the cryptographic keys in the firmware of more than 4,000 connected devices from more than 70 vendors, detailing their efforts in a blog post today. The affected "embedded systems" included internet gateways, routers, modems, IP cameras, network storage devices, mobile and Internet-connected phones, and more.
They were able to extract more than 580 unique private keys embedded in firmware across devices, a significant number of which were shared across systems. This is problematic as malicious hackers who can get access to those keys, as SEC Consult did, can impersonate any of the affected device servers by creating their own version of the target machine’s encryption certificate and signing it with that key, making it appear like the genuine article to users' PCs or smartphones. Typically, such attacks would lead to a warning on the PC that the certificate was not trusted as it wasn't signed with the correct key. But no such alert would appear where the correct encryption key was used, even though it'd been pilfered.
With this power, a hacker could deliver malware disguised as a fake update appearing to come from the server, or create a web control panel for tricking users into handing over personal data and passwords. Or they could simply spy on users as they accessed the target system.
By correlating their data with information from internet-wide scan tools - Scans.io and Censys.io - the researchers determined they had uncovered private keys for 3.2 million HTTPS hosts, or nine per cent of all HTTPS hosts on the web. Private keys for more than six per cent of all Secure Shell (SSH) hosts on the web - 0.9 million hosts - were also uncovered during the research, primarily carried out by Stefan Viehböck, senior security consultant at SEC Consult. SSH is typically used for remotely connecting into a server with encryption protecting the communications.
A huge number of tech companies' products were affected. SEC Consult discovered more than 900 devices from 50 vendors to be vulnerable. Some of the bigger names included Cisco,
So widespread is the problem that disclosure was somewhat difficult, though CERT/CC (the Computer Emergency Response
For now, though, a significant portion of the web that’s supposed to provide security and privacy is open to attack. “A ‘normal’ attacker would usually search for a specific target and then analyse this firmware for specific flaws or extract the private keys out of the firmware,” said Greil. “We did this analysis mainly to get a grasp how common this problem really is - and it seems to be a huge industry-wide one.”
A bigger problem than we know
Indeed, the actual percentage of vulnerable devices is likely to be higher than stated by SEC Consult, according to both Greil and HD Moore, the chief research officer of security consultancy Rapid7 who worked on the Sonar scanning project that led to Scans.io and Censys, now run by the University of Michigan.
When Rapid7 looked for HTTPS and SSH keys with internet-wide scans earlier this year, it found some troubling statistics, said Moore. Though they didn’t grab the private keys as Viehböck did, it was apparent that not only were a huge number of systems shipping with hardcoded encryption keys - a problem in and of itself - there were double-digit percentages of keys shared between unrelated systems. Hackers lives are made much easier where encryption keys are the same across different devices. Moore provided FORBES with stats from previously unpublished work showing 1,766,643 SSH servers presented a key that was shared by at least 1,000 other systems.
That so many supposedly secure lines are potentially compromised is seriously worrying, said Professor Alan Woodward, from the University of Surrey’s Department of Computing. “Obviously you have to store your key on your device but by making static across many devices it's like selling a front door lock where everyone can use the same key to get in,” Woodward said.
“It's not trivial to reverse engineer this type of firmware but hackers do it all the time. Hence, using the same key across all instances device is almost an invitation to break equivalent.
“What makes this so worrying is that it is not necessary. It's a lazy way of doing it, and in security laziness leads to mistakes. The devices could be designed to generate their own local keys during initial setup or reset.”
Yet more research, outlined in a paper released this month, showed embedded devices had a horrible security record. A study by French research center Eurecom and Ruhr-University Bochum, Germany, discovered that 185 out of 1925 firmware versions from 54 different vendors contained “important vulnerabilities” and that simple fixes could address the majority of them.
What can you do about it?
FORBES understands only five vendors - Cisco, ZTE, ZyXEL, Technicolor, Unify - have confirmed fixes are on the way. None of the vendors had responded to FORBES' request for comment at the time of publication.
As general good practice, SEC Consult said vendors should make sure that each device uses random, unique cryptographic keys, which could either be computed in the factory or on first boot. ISPs will also have to work with vendors to update the firmware where telecoms equipment is affected.
Regular home users are left with little to do, however, apart from wait for a patch, unless they are able to change the keys and certificates so they are unique to the specific device - something that isn’t always possible as some products do not allow them to be changed. A Virtual Private Network tool should help prevent some snooping, as it will hide users' identities and encrypt their traffic.
But without proper patches from vendors, there's no practical solution for the average user.
UPDATE TrendNet said firmware updates to fix the issue are available for several of the products, but didn't say which ones. Some of the models were legacy models and have been discontinued. "Our security team is looking into all the items on the list to validate the claim and make an appropriate action plan," a spokesperson added.
ZyXEL said it had issued an update to patch the issue too.
