An anonymous reader writes: Embedded devices of some 50 manufacturers has been found sharing the same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact that can be exploited by a remote, unauthenticated attacker to carry out impersonation, man-in-the-middle, or passive decryption attacks. SEC Consult has analyzed firmware images of more than 4000 embedded devices of over 70 vendors — firmware of routers, IP cameras, VoIP phones, modems, etc. — and found that, in some cases, there are nearly half a million devices on the web using the same certificate.
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×