Article Image

IPFS News Link • Hacking, Cyber Security

Internet of Things Encryption Vulnerabilities Show How Often Devs Rip-Off Code

• motherboard.vice.com

Some large portion of the Internet of Things has essentially left its backdoor wide open. This is according to a report released Wednesday by security researchers at SEC Consult examining SSH cryptographic keys and HTTPS secure server certificates from 4,000 different devices offered by 70 different manufacturers. As it turns out, these credentials are, more often than not, hard-coded and re-used among many different devices from sometimes even different companies.

(SSH and HTTPS are two ways a device might "talk" to a server and, thus, the internet.)

Of the 4,000 devices, SEC was able to identify only 580 unique keys. What does that mean? Imagine an apartment building of 4,000 rooms but with only 580 different locks; the odds would be pretty good that your neighbor and you share the same front-door key. It's a bit unsettling.

Note that we're not talking about internet-connected toaster ovens and Roombas but (mostly) basic networking technologies: home routers, modems, IP cameras, VoIP phones. Vulnerabilities here are far from trivial.


Home Grown Food