Weekly Edition
Return to the Security page
| |||||||||||||
Breaking SSL on Embedded Devices (/dev/ttyS0)
The /dev/ttyS0 site has a
discussion of the implications of the LittleBlackBox
project. "Here's where it gets fun: many of these devices use
hard-coded SSL keys that are baked into the firmware. That means that if
Alice and Bob are both using the same router with the same firmware
version, then both of their routers have the same SSL keys. All Eve needs
to do in order to decrypt their traffic is to download the firmware from
the vendor's Web site and extract the SSL private key from the firmware
image." (Thanks to James Andrewartha).
(Log in to post comments)
Breaking SSL on Embedded Devices (/dev/ttyS0) Posted Dec 22, 2010 17:09 UTC (Wed) by flewellyn (subscriber, #5047) [Link]
Ohhhh, that is SO not good, on SO many not-good levels.
Breaking SSL on Embedded Devices (/dev/ttyS0) Posted Dec 22, 2010 18:32 UTC (Wed) by NAR (subscriber, #1313) [Link]
On the other hand the web interface of these devices are known to be vulnerable, so nobody would remote manage them anyway, would they?
Breaking SSL on Embedded Devices (/dev/ttyS0) Posted Dec 22, 2010 18:39 UTC (Wed) by rahvin (subscriber, #16953) [Link]
By remote management you mean over wireless right? Afterall, if the wireless is crackable and the HTTP session is crackable, the only security is a direct network connection.
Breaking SSL on Embedded Devices (/dev/ttyS0) Posted Dec 22, 2010 18:48 UTC (Wed) by flewellyn (subscriber, #5047) [Link]
We can't assume that customers will know to disable such remote management, if that's even possible on a given device.
And even if it is, and even if some customers do know to do so, it's still an open hole until manually closed. A networked device should be secure as possible by default.
Breaking SSL on Embedded Devices (/dev/ttyS0) Posted Dec 22, 2010 18:06 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]
Heh. We make embedded devices and recently we had a discussion about hard-coding SSL host keys because host key generation takes some time during device setup (as it's done on the devices themselves).
I'm glad I won the argument :)
Breaking SSL on Embedded Devices (/dev/ttyS0) Posted Dec 22, 2010 20:08 UTC (Wed) by aleXXX (subscriber, #2742) [Link]
Serious question (hope it doesn't sound too stupid): so you create a new pair of keys once or on every boot ?
And everytime I connect to the device I have to say that yes, I accept the untrusted key ?
Alex
Breaking SSL on Embedded Devices (/dev/ttyS0) Posted Dec 22, 2010 20:28 UTC (Wed) by nmav (subscriber, #34036) [Link]
Why generate on every boot? Generate the keys once (initial boot) and store them in flash. This is what was occurring in the products (DSL routers) I've worked on. I've never actually seen a product that actually is using a common key/certificate pair for the whole product line, but I wouldn't be surprised if they exist.
Breaking SSL on Embedded Devices (/dev/ttyS0) Posted Dec 22, 2010 21:06 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]
No, we do it once on the first boot. It takes a fair amount of time on our weak 166MHz MIPS CPUs. So time to flash a device significantly increases, as we use these keys on the last stage of device preparation to log into a newly flashed device using SSH to run self-tests.
It's no wonder other vendors just use fixed host keys.
Breaking SSL on Embedded Devices (/dev/ttyS0) Posted Dec 23, 2010 1:32 UTC (Thu) by fuhchee (subscriber, #40059) [Link]
What do you do w.r.t. certificates for the new keys? Or are they all just self-signed?
Breaking SSL on Embedded Devices (/dev/ttyS0) Posted Dec 23, 2010 3:53 UTC (Thu) by kevinm (guest, #69913) [Link]
How could they usefully be signed? What identity would the signature be confirming?
The only useful models are:
- Signed certificate provided by the user, tied to an identity that is an attribute of its installation environment (eg its FQDN); or
Breaking SSL on Embedded Devices (/dev/ttyS0) Posted Dec 23, 2010 0:47 UTC (Thu) by pabs (subscriber, #43278) [Link]
I wonder how many cloud images and installs have common SSH/SSL keys.
Breaking SSL on Embedded Devices (/dev/ttyS0) Posted Dec 23, 2010 4:52 UTC (Thu) by jwb (guest, #15467) [Link]
A good question. It would be easy enough to survey Amazon EC2. I know the EC2 images from canonical -- and those made with the ubuntu image building scripts -- generate their host keys and such at first boot, not at image building time.
Breaking SSL on Embedded Devices (/dev/ttyS0) Posted Dec 23, 2010 9:49 UTC (Thu) by Trou.fr (subscriber, #26289) [Link]
"All Eve needs to do in order to decrypt their traffic is to download the firmware from the vendor's Web site and extract the SSL private key from the firmware image"
This is plainly wrong if the embedded web server uses ephemeral Diffie-Hellman for key exchange. Eve would then have to (transparently) man in the middle the connexion.
|
|||||||||||||