435,000 Weak RSA Keys Identified in IoT Devices

RSA is a commonly used encryption protocol for securing communications. RSA encryption uses asymmetric cryptographic keys, one of which is public and can be shared and the other is private. In order to decrypt data, the private key is required.

RSA keys are created by multiplying two random prime numbers. These prime factors should be different. No two RSA keys should share the same prime factors, but researchers at Keyfactor have discovered that is not always the case, especially for RSA certificates on IoT devices.

The Keyfactor researchers studied 75 million active RSA keys together with a further 100 million certificates found in public certificate transparency logs. They used a single Microsoft Azure virtual machine to analyze the RSA keys and discovered 435,000 certificates used a shared factor. That corresponds to around 1 in 172 RSA keys. The discovery allowed them to derive the private key and break the encryption on 435,000 certificates with a single Azure virtual machine and just $3,000 of Azure compute time.

“In a real-world attack scenario, a threat actor with a rederived private key for an SSL/TLS server certificate could impersonate that server when devices attempt to connect,” explained JD Kilgallin, senior integration engineer and researcher at Keyfactor. That would allow them to intercept, view, and alter sensitive data.

Most implementations use true random factors for generating RSA keys, but many devices lack the entropy to be able to generate true random factors. This is often because the devices lack the necessary processing power, as is often the case with lightweight IoT devices. That means there is a lack of randomness and, as such, the prime factors can be predicted. The prime factors should be different for each key, but the lack of entropy means that the same prime factors are often used.

There is nothing inherently wrong with RSA as the flaws lie in how RSA is implemented, but this has major implications.  The researchers found the weak certificates in firewalls, modems, routers, and several other network devices. They are also present in connected cars and many medical devices and medical implants.

“These concerning findings highlight the need for device manufacturers, website and network administrators, and the public at large to consider security, and especially secure random number generation, as a paramount requirement of any connected system,” explained the researchers.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news