Increasing Number of Devices Exposed by Crypto Key Reuse

Nine months after researchers revealed that millions of devices are exposed to cyberattacks due to the reuse of cryptographic keys in their firmware, the number of impacted systems has increased considerably.

In November 2015, security firm SEC Consult reported finding a fairly small number of cryptographic secrets, including private keys and certificates, used across more than 4,000 embedded devices from over 70 vendors. The list of affected products includes modems, IP cameras, routers, gateways and VoIP phones.

Experts identified 580 unique keys, including roughly 80 SSH host keys used by nearly one million hosts and approximately 150 server certificates used by 3.2 million hosts (9% of the total) for HTTPS. They warned that attackers could leverage the shared keys to launch man-in-the-middle (MitM), impersonation and passive decryption attacks.

In a follow-up blog post published on Tuesday, SEC Consult reported that the number of devices using these shared private keys for HTTPS server certificates has increased by 40 percent to 4.5 million. The company is still in the process of obtaining information on the use of SSH host keys.

“The inability of vendors to provide patches for security vulnerabilities including but not limited to legacy/EoL products might be a significant factor, but even when patches are available, embedded systems are rarely patched. Insufficient firewalling of devices on the WAN side (by users, but also ISPs in case of ISP-supplied customer premises equipment, CPE) and the trend of IoT-enabled products are surely a factor as well,” SEC Consult explained.

The company has decided to release 331 certificates and 553 unique private keys uncovered during its research, along with the names of the products that use them. The goal is to allow others to reproduce the results of the study, find additional crypto key reuse cases, and aid the development of tools for detecting and exploiting such vulnerabilities.

Some might argue that releasing the keys is beneficial for malicious actors, but the security firm noted that attackers could easily reproduce the research and obtain the private keys themselves.

SEC Consult turned to CERT/CC for help in notifying affected vendors. According to CERT/CC’s advisory, only a few vendors confirmed being impacted and even those in many cases decided not to address the issue. Cisco, for instance, admitted that many of its products are exposed to MitM attacks due to certificate and key reuse, but the networking giant argued that such attacks are not easy to conduct.

Another affected vendor is HPE-owned networking company Aruba, which has used a GeoTrust-issued certificate that is valid until August 2017. The certificate in question is part of ArubaOS and it’s present on nearly 50,000 Internet-accessible devices. The certificate is also found in the firmware of a product from Alcatel-Lucent, to which Aruba provides OEM equipment.

This is a noteworthy case since unlike most other certificates found by SEC Consult, this one is signed by a browser-trusted certificate authority and it’s used not only for HTTPS but also for WPA2-Enterprise 801.X authentication.

“This allows attackers to do all kinds of nasty MITM attacks (active/passive HTTPS decryption, rogue access points, etc.),” SEC Consult warned.

Aruba has known about the issue since May 2015, and while the company has promised to migrate to device-specific self-signed certificates, it has decided not to revoke the problematic certificate.