Embedded Devices Share, Reuse Private SSH Keys, HTTPS Certificates

Researchers have found that thousands of Internet gateways, routers, modems and other embedded devices share cryptographic keys and certificates, exposing millions of connections to man-in-the-middle attacks that open the door to more extensive intrusions that jeopardize encrypted data.

This type of certificate reuse and sharing of SSH keys is apparently all too common among connected embedded devices, researchers at SEC Consult said in a report published last week.

SEC Consult senior security consultant Stefan Viehböck wrote that his organization analyzed public and private cryptographic SSH keys and X.509 certificates in the firmware of more than 4,000 embedded devices from 70 vendors. Nearly 600 unique private keys were discovered to have been distributed among the devices, the report said; the scope of potential damage is significant given that private keys for about 9 percent of HTTPS hosts (150 server certs used by 3.2 million hosts) and private keys for more than 6 percent of SSH hosts (900,000 hosts) were found. SEC Consult said that 230 of the 580 keys are actively being used.

“They have been embedded, essentially ‘baked in’ the firmware image (operating system) of devices and are mostly used for providing HTTPS and SSH access to the device,” Viehböck wrote. “This is a problem because all devices that use the firmware use the exact same keys. The keys are not a result of bad randomness.”

The study concluded that of the firmware the researchers had access to, more than 900 products from 50 vendors were vulnerable. The vendor list is a who’s-who of network and embedded device vendors and includes Alcatel-Lucent, Cisco, D-Link, Deutsche Telekom, General Electric, Huawei, Motorola, NETGEAR, Philips, Seagate, TP-Link, Ubiquiti Networks, Vodafone and many others.

Cisco was among the first to issue an advisory to its users with a long laundry list of affected products that includes VPN routers, security routers, access points and firewalls. It has, however, not patched the issue, nor did it provide any workarounds.

“This is an attack on the client attempting to access the device and does not compromise the device itself,” Cisco said. “To exploit the issue, an attacker needs not only the public and private key pair but also a privileged position in the network that would allow him or her to monitor the traffic between client and server, intercept the traffic, and modify or inject its own traffic.”

SEC Consult, meanwhile, said that it found some keys in only one product or products from a particular vendor, while others were in products from different vendors, deducing that code had either been shared or leaked, or used by OEMs partnered with the respective vendors.

One Broadcom SDK certificate, for example, SEC Consult said, is used in firmware from a number of vendors who use the SDK to develop their own firmware. This one cert alone affects close to half a million devices. Another certificate issued to a Bangalore-based software firm came from a Texas Instruments SDK for ADSL2+ routers, SEC Consult said, and it found 300,000 devices using this cert and an SSH host key attributed to the SDK. Also, Seagate and local ISPs are other big offenders. SEC Consult found another 80,000 Seagate GoFlex home network-attached storage devices are exposing HTTPS and SSH, and thousands of ISP-issued home networking modems and gateways share affected firmware. Some of those include CenturyLink in the U.S., Mexico’s TELMEX, Spain’s Telefonica, China Telecom and many others.

SEC Consult added that it’s unlikely that all of these devices are intentionally exposed online via remote management interfaces, and that it’s likely that its scans (Censys.io and Scans.io) uncovered them because of weak configurations, in particular default credentials. They did say that while exploits would enable passive man-in-the-middle attacks, passive decryption and other serious attacks, an attacker would have to be on the network to intercept traffic.

“Exploiting this vulnerability via the Internet is significantly more difficult, as an attacker has to be able to get access to the data that is exchanged,” SEC Consult said. “Attack vectors can be BGP hijacking, an ‘evil ISP,’ or a global adversary with the capability to monitor Internet traffic.”

Vendors, meanwhile, are urged to ensure that embedded devices use random and unique keys, and ISPs are urged to ensure that remote access to local networks and customer equipment is not enabled.
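As an added example (not from SEC Consult's report or the original article), an operator can audit their own device inventory for the key reuse described above by grouping SSH host keys by OpenSSH-style fingerprint. The scan text, addresses and key bytes below are constructed, and the function names are illustrative.

```python
import base64
import hashlib
import struct
from collections import defaultdict

def make_blob(key_type: str, material: bytes) -> str:
    """Build a dummy length-prefixed SSH key blob (constructed data, not a real key)."""
    t = key_type.encode()
    raw = struct.pack(">I", len(t)) + t + struct.pack(">I", len(material)) + material
    return base64.b64encode(raw).decode()

# Constructed sample in ssh-keyscan output format: "host keytype base64-blob".
SAMPLE_SCAN = "\n".join([
    "# constructed inventory scan",
    f"192.0.2.10 ssh-ed25519 {make_blob('ssh-ed25519', b'A' * 32)}",
    f"192.0.2.11 ssh-ed25519 {make_blob('ssh-ed25519', b'A' * 32)}",
    f"192.0.2.12 ssh-ed25519 {make_blob('ssh-ed25519', b'B' * 32)}",
    f"192.0.2.13 ssh-ed25519 {make_blob('ssh-ed25519', b'A' * 32)}",
    "192.0.2.14 ssh-ed25519 not-base64!!",
])

def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    # The blob starts with a length-prefixed key type string; reject truncated input.
    if len(raw) < 4 or struct.unpack(">I", raw[:4])[0] > len(raw) - 4:
        raise ValueError("malformed key blob")
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_host_keys(scan_text: str) -> dict:
    """Map fingerprint -> sorted hosts, only for keys seen on more than one host."""
    hosts_by_fp = defaultdict(set)
    for line in scan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith("#"):
            continue
        host, _key_type, blob = fields[:3]
        try:
            hosts_by_fp[fingerprint(blob)].add(host)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue        # skip lines that do not carry a valid key blob
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{fp} is presented by {len(hosts)} hosts: {', '.join(hosts)}")
```

Any fingerprint this reports on devices that should be independent indicates a host key that was not generated per device and should be regenerated on each unit.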

SEC Consult said that it has been working with CERT/CC at Carnegie Mellon University to report and inform affected vendors about the issue.