Monday, May 5, 2025
Homecyber securityMillions of RSA Keys Exposed, Revealing Serious Exploitable Flaws

Millions of RSA Keys Exposed, Revealing Serious Exploitable Flaws

Published on

SIEM as a Service

Follow Us on Google News

A recent study has highlighted a significant vulnerability in RSA keys used across the internet, particularly in IoT devices.

Researchers collected and analyzed a vast dataset of RSA certificates, revealing that approximately 1 in 172 keys share a factor with another, making them susceptible to compromise.

This vulnerability arises primarily from poor random number generation during key creation, a common issue in IoT devices due to their limited entropy sources.

- Advertisement - Google News

The Nature of the Vulnerability

The security of RSA keys relies on the secrecy of two large prime numbers used to generate the public key.

If these primes are not chosen randomly enough, it becomes possible for multiple keys to share a prime factor.

By computing the Greatest Common Divisor (GCD) of two RSA moduli, attackers can easily identify shared factors, compromising both keys.

This method is significantly simpler than factoring the RSA modulus directly and can be scaled to analyze large datasets efficiently.

The widespread use of IoT devices in sensitive environments amplifies the risk, as compromising these devices could lead to catastrophic consequences.

The study analyzed 75 million RSA keys from the internet and augmented this dataset with 100 million certificates from Certificate Transparency logs.

The results showed that while only a small fraction of keys in the latter dataset were compromised, the rate of vulnerability was much higher in the broader internet dataset.

According to the Report, this discrepancy is largely attributed to IoT devices, which often face design constraints and limited entropy, leading to predictable random number generation.

Previous research has also highlighted similar vulnerabilities, with notable instances in 2012 and 2016 where tens of thousands of keys were compromised due to shared factors.

Implications and Future Directions

The implications of this vulnerability are distressing, especially given the increasing presence of IoT devices in critical environments such as healthcare and transportation.

Compromising these devices could lead to severe consequences, including data breaches and physical harm.

Furthermore, patching vulnerabilities in IoT devices is often challenging due to their decentralized nature and lack of centralized management systems.

The accessibility of cloud computing resources also makes it easier for attackers to analyze large datasets and exploit these vulnerabilities at a relatively low cost.

To mitigate these risks, device manufacturers must ensure that their products generate keys with sufficient randomness, ideally incorporating external entropy sources.

Additionally, there is a need for better patching mechanisms and increased awareness among users about the potential risks associated with IoT devices.

As the IoT landscape continues to expand, addressing these vulnerabilities is crucial to maintaining the security and integrity of networked systems.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free. 

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

North Korean Hacker Tries to Infiltrate Kraken Through Job Application

Leading cryptocurrency exchange Kraken has disclosed that it recently thwarted an infiltration attempt by...

Multiple Flaws in Tenda RX2 Pro Let Attackers Gain Admin Access

Security researchers have uncovered a series of critical vulnerabilities in the Tenda RX2 Pro...

Hackers Exploit Email Fields to Launch XSS and SSRF Attacks

Cybersecurity researchers are raising alarms as hackers increasingly weaponize email input fields to execute cross-site...

Luna Moth Hackers Use Fake Helpdesk Domains to Target Victims

A recent investigation by cybersecurity firm EclecticIQ, in collaboration with threat hunters, has exposed...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

North Korean Hacker Tries to Infiltrate Kraken Through Job Application

Leading cryptocurrency exchange Kraken has disclosed that it recently thwarted an infiltration attempt by...

Multiple Flaws in Tenda RX2 Pro Let Attackers Gain Admin Access

Security researchers have uncovered a series of critical vulnerabilities in the Tenda RX2 Pro...

Hackers Exploit Email Fields to Launch XSS and SSRF Attacks

Cybersecurity researchers are raising alarms as hackers increasingly weaponize email input fields to execute cross-site...