A recent study has highlighted a significant vulnerability in RSA keys used across the internet, particularly in IoT devices.
Researchers collected and analyzed a vast dataset of RSA certificates, revealing that approximately 1 in 172 keys share a factor with another, making them susceptible to compromise.
This vulnerability arises primarily from poor random number generation during key creation, a common issue in IoT devices due to their limited entropy sources.
The Nature of the Vulnerability
The security of RSA keys relies on the secrecy of two large prime numbers whose product forms the modulus of the public key.
If these primes are not chosen randomly enough, it becomes possible for multiple keys to share a prime factor.
By computing the Greatest Common Divisor (GCD) of two RSA moduli, attackers can easily identify a shared factor; dividing each modulus by that factor reveals the other prime, compromising both keys.
This method is significantly simpler than factoring the RSA modulus directly and can be scaled to analyze large datasets efficiently.
The widespread use of IoT devices in sensitive environments amplifies the risk, as compromising these devices could lead to catastrophic consequences.
The study analyzed 75 million RSA keys from the internet and augmented this dataset with 100 million certificates from Certificate Transparency logs.
The results showed that while only a small fraction of keys in the latter dataset were compromised, the rate of vulnerability was much higher in the broader internet dataset.
According to the report, this discrepancy is largely attributed to IoT devices, which often face design constraints and limited entropy, leading to predictable random number generation.
Previous research has also highlighted similar vulnerabilities, with notable instances in 2012 and 2016 where tens of thousands of keys were compromised due to shared factors.
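The shared-factor check described in this section can be run by a manufacturer or operator over the public moduli of its own device fleet before keys go into service. The following is an added example, not code from the study: the function name, the finding labels and the sample moduli (built from small Mersenne primes, far too small for real use) are constructed for illustration.

```python
from math import gcd, prod

def audit_moduli(moduli):
    """Flag RSA moduli in an inventory that must be regenerated.

    Returns {index: ("shared_factor", p)} when a modulus shares the prime p
    with a different modulus, and {index: ("duplicate", None)} when the
    identical modulus was issued more than once.
    """
    counts = {}
    for n in moduli:
        counts[n] = counts.get(n, 0) + 1
    distinct = list(counts)

    # One big product, then one GCD per key: gcd(n, product of all others).
    product = prod(distinct)
    shared = {}
    for n in distinct:
        g = gcd(n, (product // n) % n)
        if g == n:
            # Both primes are reused elsewhere; recover one via pairwise GCD.
            g = next((d for m in distinct if 1 < (d := gcd(n, m)) < n), n)
        if g > 1:
            shared[n] = g

    findings = {}
    for i, n in enumerate(moduli):
        if n in shared:
            findings[i] = ("shared_factor", shared[n])
        elif counts[n] > 1:
            findings[i] = ("duplicate", None)
    return findings

# Constructed sample inventory (Mersenne primes 2^e - 1, illustration only).
P13, P17, P19, P31, P61, P89, P107, P127 = (
    2**e - 1 for e in (13, 17, 19, 31, 61, 89, 107, 127))
SAMPLE_MODULI = [
    P31 * P61,    # device 0: reuses P31 (weak RNG at first boot)
    P31 * P89,    # device 1: reuses P31
    P107 * P127,  # device 2: healthy
    P17 * P19,    # device 3: identical key pair cloned to device 4
    P17 * P19,    # device 4
]

if __name__ == "__main__":
    for idx, finding in sorted(audit_moduli(SAMPLE_MODULI).items()):
        print(idx, finding)
```

Any key that appears in the findings should be revoked and regenerated after the device's entropy source has been fixed, since regenerating with the same weak generator can reproduce the collision.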
Implications and Future Directions
The implications of this vulnerability are distressing, especially given the increasing presence of IoT devices in critical environments such as healthcare and transportation.
Compromising these devices could lead to severe consequences, including data breaches and physical harm.
Furthermore, patching vulnerabilities in IoT devices is often challenging due to their decentralized nature and lack of centralized management systems.
The accessibility of cloud computing resources also makes it easier for attackers to analyze large datasets and exploit these vulnerabilities at a relatively low cost.
To mitigate these risks, device manufacturers must ensure that their products generate keys with sufficient randomness, ideally incorporating external entropy sources.
Additionally, there is a need for better patching mechanisms and increased awareness among users about the potential risks associated with IoT devices.
As the IoT landscape continues to expand, addressing these vulnerabilities is crucial to maintaining the security and integrity of networked systems.