Computer security discussions
 

Private keys "reused" in many devices

Arne Saknussemm 3 Dec 2015 10:43
"In the course of an internal research project we have analyzed the
firmware images of more than 4000 embedded devices of over 70 vendors.
The devices we have looked at include Internet gateways, routers,
modems, IP cameras, VoIP phones, etc. We have specifically analyzed
cryptographic keys (public keys, private keys, certificates) in
firmware images"

"The source of the keys is an interesting aspect. Some keys are only
found in one product or several products in the same product line. In
other cases we found the same keys in products from various different
vendors. The reasons vary from shared/leaked/stolen code, white-label
devices produced by different vendors (OEM, ODM products) to
hardware/chipset/SoC vendor software development kits (SDKs) or board
support packages firmware is based on"

"Impersonation, man-in-the-middle or passive decryption attacks are
possible. These attacks allow an attacker to gain access to sensitive
information like administrator credentials which can be used in further
attacks. In order to exploit this vulnerability, an attacker has to be
in the position to monitor/intercept communication. This is easily
feasible when the attacker is located within the same network segment
(local network). Exploiting this vulnerability via the Internet is
significantly more difficult, as an attacker has to be able to get
access to the data that is exchanged. Attack vectors can be BGP
hijacking, an "evil ISP", or a global adversary with the capability to
monitor Internet traffic."

http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html

https://www.kb.cert.org/vuls/id/566724

Talk about a backdoor :P In short, the above means that a great many
devices (routers, webcams, VoIP phones...) use the same private
certificate, and in practice this means that taking total control of
such devices or intercepting their traffic becomes "trivial"


--
If you're not part of the solution, you're part of the precipitate.
Arne Saknussemm 3 Dec 2015 10:44
On Thu, 3 Dec 2015 10:43:35 +0100
"Arne Saknussemm" wrote in it.comp.sicurezza.varie
<20151203104335.00001621@eternal-september.org>:

>
> "In the course of an internal research project we have analyzed the
> firmware images of more than 4000 embedded devices of over 70 vendors.
> The devices we have looked at include Internet gateways, routers,
> modems, IP cameras, VoIP phones, etc. We have specifically analyzed
> cryptographic keys (public keys, private keys, certificates) in
> firmware images"

for completeness

"We found more than 900 products from about 50 vendors to be
vulnerable. Of course our data is limited to the firmware we had access
to. Affected vendors are: ADB, AMX, Actiontec, Adtran, Alcatel-Lucent,
Alpha Networks, Aruba Networks, Aztech, Bewan, Busch-Jaeger, CTC Union,
Cisco, Clear, Comtrend, D-Link, Deutsche Telekom, DrayTek, Edimax,
General Electric (GE), Green Packet, Huawei, Infomark, Innatech,
Linksys, Motorola, Moxa, NETGEAR, NetComm Wireless, ONT, Observa
Telecom, Opengear, Pace, Philips, Pirelli, Robustel, Sagemcom,
Seagate, Seowon Intech, Sierra Wireless, Smart RG, TP-LINK, TRENDnet,
Technicolor, Tenda, Totolink, unify, UPVEL, Ubee Interactive, Ubiquiti
Networks, Vodafone, Western Digital, ZTE, Zhone and ZyXEL."

:P
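
The kind of comparison the quoted research describes, as an added example that is not part of the original posts or SEC Consult's own tooling: it scans firmware images an auditor already holds for PEM private-key blocks and reports any key that appears in more than one image. The image names and key bytes are constructed placeholders, not real keys, and all function names are hypothetical.

```python
import base64, binascii, hashlib, re
from collections import defaultdict

# PEM private-key blocks (RSA, EC, DSA, OPENSSH, PKCS#8), matched in raw bytes
PEM_KEY = re.compile(
    rb"-----BEGIN ((?:[A-Z]+ )?PRIVATE KEY)-----(.*?)-----END \1-----", re.DOTALL)

def key_fingerprints(image):
    """SHA-256 over the decoded body of every private-key block in one image."""
    found = set()
    for match in PEM_KEY.finditer(image):
        body = b"".join(match.group(2).split())   # drop CR/LF and indentation
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error:
            continue    # truncated, corrupted or header-bearing (encrypted) block
        if der:
            found.add(hashlib.sha256(der).hexdigest())
    return found

def shared_keys(images):
    """Map fingerprint -> sorted image names, keeping keys seen in 2+ images."""
    owners = defaultdict(set)
    for name, blob in images.items():
        for fp in key_fingerprints(blob):
            owners[fp].add(name)
    return {fp: sorted(names) for fp, names in owners.items() if len(names) > 1}

def pem_wrap(label, der):
    """Build a PEM block around arbitrary bytes (used only for the sample data)."""
    b64 = base64.b64encode(der)
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    tag = label.encode()
    return b"-----BEGIN %b-----\n%b\n-----END %b-----\n" % (tag, body, tag)

# Constructed sample data: placeholder bytes standing in for key material
SDK_KEY = bytes(range(200))            # "key" shipped in a shared SDK
UNIQUE_KEY = bytes(range(200, 0, -1))  # "key" present in one product only
SAMPLE_IMAGES = {
    "vendorA-router.bin": b"\x7fELF" + pem_wrap("RSA PRIVATE KEY", SDK_KEY) + b"\x00" * 16,
    "vendorB-camera.bin": b"hsqs" + pem_wrap("RSA PRIVATE KEY", SDK_KEY).replace(b"\n", b"\r\n"),
    "vendorC-phone.bin": pem_wrap("PRIVATE KEY", UNIQUE_KEY),
}

if __name__ == "__main__":
    for fp, names in shared_keys(SAMPLE_IMAGES).items():
        print(fp[:16], names)
```
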
