More than 4,000 embedded devices from more than 70 vendors, including internet gateways, routers, modems, IP cameras and VoIP phones, etc., have been found to be using static cryptographic keys that open the door to a range of attacks.
Worse, in many cases ISPs are exposing their customers via vulnerable operator-owned CPE used in the home. The keys are baked into the operating system of these devices; and all devices that use the same firmware use the exact same keys, opening up millions and millions of endpoints to cyber-criminals.
SEC Consult said that impersonation, man-in-the-middle or passive decryption attacks are possible. These attacks allow an attacker to gain access to sensitive information like administrator credentials that can be used in further attacks.
In order to exploit this vulnerability, an attacker has to be in the position to monitor/intercept communication. This is easily feasible when the attacker is located within the same network segment (local network). Exploiting this vulnerability via the internet is significantly more difficult, as an attacker has to be able to get access to the data that is exchanged. Attack vectors can be BGP hijacking, an "evil ISP", or a global adversary with the capability to monitor internet traffic.
The firm has found that the keys (a range of public keys, private keys and certificates) are mostly used for providing HTTPS and SSH access to the devices. In total, there are more than 580 unique private keys distributed over all the analyzed devices. These are being used in more than 15% of all HTTPS hosts on the web (about 150 server certificates and 80 SSH host keys, used by 4.1 million hosts).
“Some keys are only found in one product or several products in the same product line,” said SEC Consult, in an analysis. “In other cases, we found the same keys in products from various different vendors. The reasons vary from shared/leaked/stolen code, white-label devices produced by different vendors (OEM, ODM products) to hardware/chipset/SoC vendor software development kits (SDKs) or board support packages firmware is based on.”
In just one example, a certificate issued to a "Daniel" is used in firmware from Actiontec, Aztech, Comtrend, Innatech, Linksys, Smart RG, Zhone and ZyXEL. This certificate is found in a Broadcom SDK. The affected vendors used it as a basis to develop their own firmware. So, almost a half-million devices (more than 480,000) on the web are using this single certificate.
Researchers also found large clusters of devices with the same keys located in the networks of different ISPs. “We can deduce that devices are CPEs provided to subscribers,” they said. “These devices are owned, distributed and managed by ISPs and use ISP-specific firmware.”
US-based ISP CenturyLink exposes HTTPS remote administration on more than half a million devices, which is close to 10 percent of its total subscribers (6.1 million). Affected products include ZyXEL's Q1000, C1000Z, Actiontec's GT784WN, C2000A, C1000A, V1000H, and Technicolor's C2000T and C2100T. And TELMEX in Mexico exposes HTTPS remote administration on more than one million devices (22 million subscribers total). Affected products are various Huawei Internet Gateways including HG658d.
Telefónica in Spain (Movistar), China Telecom, VTR Globalcom in Chile, Chunghwa Telecom in Taiwan and Telstra in Australia are also exposing subscribers to attackers that can take advantage of the key re-use.
Photo © Iko