You would think people would be taken aback if someone suggested saving money by using the same key on every new house built in a neighbourhood; if so, you don't work for companies developing hardware for the Internet of Things. In a recent survey of 4,000 embedded devices from 70 hardware makers, SEC Consult found that many had the same hardwired SSH login keys and server-side SSL certificates. According to the numbers they provided to The Register, a total of 580 private keys were found distributed over all the analyzed devices, of which at least 230 are already in use on the internet. To be fair, this is not uncommon in consumer-level firmware, as companies do not even bother to check over the source code, let alone change the security keys held within, but it is a huge security risk. For a glimpse at how bad some of these supposedly secure certs and keys are, read on at The Register.
"Lazy makers of home routers and the Internet of Things are reusing the same small set of hardcoded security keys, leaving them open to hijacking en masse, researchers have warned."
Here is some more Tech News from around the web:
- Nest defends web CCTV Cam amid unstoppable 24/7 surveillance fears @ The Register
- Fedora 23: An Impressive Release for Advanced Linux Users @ Linux.com
- Raspberry Pi Zero: £4 PC aims to bring machine to more hands @ The Inquirer
- It is now possible to unlock a Windows Lumia Phone for root access @ The Inquirer
- Samsung is mass producing 'Through Silicon Via' DDR4 memory in 128GB modules @ The Inquirer
- Defeating Chip and PIN With Bits of Wire @ Hack a Day
- Critical Zen Cart Vulnerability Could Spell Black Friday Disaster For Shoppers @ Slashdot
- Nvidia Shield Android TV @ eTeknix