900 Embedded Devices Share Hard-Coded Certs, SSH Host Keys
An anonymous reader writes: Embedded devices of some 50 manufacturers have been found sharing the same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact that can be exploited by a remote, unauthenticated attacker to carry out impersonation, man-in-the-middle, or passive decryption attacks. SEC Consult has analyzed firmware images of more than 4000 embedded devices of over 70 vendors — firmware of routers, IP cameras, VoIP phones, modems, etc. — and found that, in some cases, there are nearly half a million devices on the web using the same certificate.
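A defender-side check for the problem the summary describes, added here as an example and not code from the story or from SEC Consult's analysis: it reads `ssh-keyscan`-style output for your own device inventory, computes OpenSSH-style SHA256 fingerprints, and groups hosts by fingerprint so a host key shared across many devices stands out. The sample scan lines and key blobs are constructed placeholders, not real devices or keys.

```python
import base64
import binascii
import hashlib
from collections import defaultdict

# Constructed ssh-keyscan-style inventory (placeholder key blobs, not real keys).
# Three hosts share one ssh-rsa key; one line is deliberately malformed.
SAMPLE_SCAN = """\
# 192.0.2.10:22 SSH-2.0-dropbear
192.0.2.10 ssh-rsa QUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ3hy
192.0.2.11 ssh-rsa QUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ3hy
192.0.2.12 ssh-rsa QUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ3hy
192.0.2.20 ssh-ed25519 QUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUdkbA==
192.0.2.21 ssh-rsa QUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRRGFp
192.0.2.22 ssh-rsa not-base64!
"""


def parse_scan(text):
    """Return [(host, key_type, key_blob), ...] from ssh-keyscan output.

    Comment lines (ssh-keyscan prints the server banner as '# host ...'),
    blank lines and lines whose key blob is not valid base64 are skipped.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        host, key_type, blob = parts[0], parts[1], parts[2]
        try:
            base64.b64decode(blob, validate=True)
        except binascii.Error:
            continue  # not a usable key blob
        records.append((host, key_type, blob))
    return records


def fingerprint(blob):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(key blob)."""
    raw = base64.b64decode(blob, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def group_by_fingerprint(records):
    """Map (key_type, fingerprint) -> list of hosts presenting that key."""
    groups = defaultdict(list)
    for host, key_type, blob in records:
        groups[(key_type, fingerprint(blob))].append(host)
    return dict(groups)


def shared_host_keys(text, min_hosts=2):
    """Return [(key_type, fingerprint, hosts), ...] for keys seen on at least
    min_hosts distinct hosts, largest group first."""
    groups = group_by_fingerprint(parse_scan(text))
    shared = [(kt, fp, hosts) for (kt, fp), hosts in groups.items()
              if len(hosts) >= min_hosts]
    shared.sort(key=lambda item: (-len(item[2]), item[1]))
    return shared


if __name__ == "__main__":
    for key_type, fp, hosts in shared_host_keys(SAMPLE_SCAN):
        print(f"{key_type} {fp} shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

On a real inventory, feed it the output of `ssh-keyscan -f hosts.txt` for hosts you administer; any fingerprint that appears on more than one device is a candidate for a shared firmware-baked key, and the same grouping idea applies to HTTPS certificate fingerprints collected from the devices' web interfaces.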
Re: (Score:2)
Dammit, I knew running the bum smacking machine on a ZigBee was a bad idea.
Re: They can decrypt your private information (Score:2)
Welcome to the internet of everything era, where nothing can possibly go wrong.
What's that? (Score:5, Insightful)
What's that? The companies who make consumer electronics do a terrible job of security and routinely deliver products with little or no security?
Well, golly gee, I'm totally shocked.
No, wait, the other one ... where I think it should be self evident that probably 95% or more of all devices which want to connect to the internet should be presumed to be utterly insecure and not used.
It's pretty clear that without some penalties and liability, the companies who are trying to bring us the connected world are either incompetent at, or indifferent to, any form of security.
If it isn't a computer, I pretty much don't trust it with any form of network connection.
Re: (Score:1)
It probably passed their own "security tests", which is running security scan software against the running device. They probably even have a "Security Engineer", who couldn't write "Hello World" in C, look over the data flow diagram to make sure the lines are the right color (encrypted).
I used to work for a company that built products like this. Products routinely went out with hardcoded admin passwords (so support can fix customer devices) or worse; and the passwords were handed out like candy, even sales
Re: (Score:1)
Amazing. A third of their time. Considering that it's the job of the CISO, not the CIO, that's quite a lot.
Nice biased article leaving Apple out (Score:1)
Nice biased article leaving Apple out, when part of Apple's touted security is HARD CODED KEYS embedded in hardware.
Why attack the little guys when one of the biggest of them all is given a free pass? Google key0x89b or go straight to http://www.sputtr.com/key0x89b for a copy.
Re: (Score:3)
Nice biased article leaving Apple out, when part of Apple's touted security is HARD CODED KEYS embedded in hardware.
I'd like to know more about this. Link, please?
Re: (Score:2)
Heh. Here's a tip: 'Let Me Google That For You' is only worthwhile when the search terms are obvious. If you put in something as obscure as "key0x89b", then the sarcasm is just lost.
As for the links, thank you, I perused them, but I cannot find why you're raking Apple over the coals on it. The article is about certificates being burned in, "key0x89b" is about burning the decryption keys for the filesystem, unique to each device, into the memory on the machine. There are reasons why this is bad but it h
Re: (Score:2)
And... I put my foot in my mouth. I apologize, I didn't see where you said "Google key0x89b..." That's my bad, please feel free to point and make fun of me. The only real excuse I have for that is undiagnosed brain-damage or something.
My tasty little slice of humble-pie aside, I hope you'll still consider the rest of my post.
Cost driven engineering (Score:2)
What a bunch of idiots. Not just for sharing the same certificate between multiple devices, but for doing this in devices that clearly have mediocre to non-existent firmware read protection. Knowing how many of these products are put together, there is probably some underpaid graduate developer in China who is whoring out the same firmware to any MBA who wants to pay bottom dollar for everything.
I have worked with some pretty poor embedded developers in my time, but none of them would be this stupid. Their
Re: (Score:2)
Right. But then these OEMs probably represent the low end of the software vendor's customers. If you want your own key, you pay them a few extra bucks to generate one for your product line. And then you take measures to protect your investment. Like specifying firmware read protection in your device hardware.
Exaggerated again ... (Score:2)
There is not that much wrong with doing that. As long as you cannot extract the certificate, why care?
Contrary to popular belief, SSH and HTTPS don't use public key encryption for the data transfer. A little bit of thinking, in the case of SSH at least, would make that obvious to everyone.
The public/private key encryption is used in the beginning of the handshake to exchange a stream cypher usually something like DES.
There is absolutely no difference in having a billion devices with the same keys/certificates and try
Re: (Score:2)
I think that simple fact escaped him.
Re: (Score:2)
"The public/private key encryption is used in the beginning of the handshake to exchange a stream cypher usually something like DES."
No one with an ounce of up to date crypto knowledge uses DES. Perhaps you meant AES.
"There is absolutely no difference in having a billion devices with the same keys/certificates and trying to use the data of all transmissions to them to crack them (reverse them) versus a single certificate like google.com's and having billions of connections per day to that single point."
Sur
Re: (Score:2)
Re: (Score:2)
"The public/private key encryption is used in the beginning of the handshake to exchange a stream cypher usually something like DES."
No one with an ounce of up to date crypto knowledge uses DES. Perhaps you meant AES.
In addition, both DES and AES are block ciphers, not stream ciphers.
Re: (Score:2)
AES used in GCM mode is essentially a stream cipher.
Re: (Score:2)
Odds are that these 900+ devices were built from the same image. Hence the identical keys. And if this is the case, then either all of them have an exposed private key or none of them do. Once a build process has been verified to load the correct components and not load those that should not be, stamping out identical copies is quite secure.
In the case of identical key pairs being loaded on different devices, all that this key does is uniquely identify the particular software build that your IoT device is
Re: (Score:2)
If Data and Lore had been configured with different host keys, a whole lot of anguish could have been avoided.
Understanding Secure Shell Host Keys [vandyke.com]
Re: (Score:2)
Of course it would be cooler if only small batches of devices had the same cert, or if you would even go through the hassle of making individual ones.
Going through this hassle is exactly what is typically done. It is not uncommon for the initial - or post reset - boot of a router to take significantly longer than subsequent boots. This is when the router generates the public / private key combination. I suppose that the manufacturers are bypassing this to simplify support. Alternatively, they are truly incompetent and simply flashing the devices with a firmware that already contains the certificate. But each device should have a different serial nu
Re: (Score:2)
Serial numbers have nothing to do with certificates.
You can make as many public/private key combos on your computer as you want and use them as you want.
With that private key you can decode the shared AES (or DES) key and subsequently decode all network traffic.
The DES/AES Key is new for every connection.
The key will be stored in FLASH memory and can be accessed via JTAG connection. ...
Only if the device has such a connector. Which it likely has not. Never saw one that has one.
Would make more sense, to deso
Comment removed (Score:3)
Re: (Score:2)
Thanks. What would we do without you.
It's Economics not Cryptography (Score:1)
Until the people who have the ability to fix secu
Re: (Score:2)
Re: (Score:2)
This is an area where I would support government regulation -- banning the sale of devices that don't meet a high security standard, just like we ban food that's unfit for consumption or require specific safety devices in cars. I've hoped that, as cars get more computerized, the regulations around cars would have a bleed-over effect, but, so far, no luck there.
NSA_Key? (Score:2)
Did anybody compare the lists of devices sharing these hardcoded SSL certs to the lists in the Snowden Revelations that various projects in NSA were willing to crack on a wholesale basis for other departments?
Pirelli? (Score:2)
I think of them as tires only (well, and the calendar). Since when do they make/sell/rebadge routers?