back to article Internet of crap (encryption): IoT gear is generating easy-to-crack keys

A preponderance of weak keys is leaving IoT devices at risk of being hacked, and the problem won't be an easy one to solve. This was the conclusion reached by the team at security house Keyfactor, which analyzed a collection of 75 million RSA certificates gathered from the open internet and determined that number combinations …

  1. GnuTzu Silver badge

    And, if developers go looking for alternate sources of entropy, what shall we bet that bad sources of entropy will eventually get incorporated and oh boy.

    1. sad_loser
      Black Helicopters

      this matters more than people think

      if the IoT is a medical device.

      compromised pacemakers etc are already in the wild.

      you would think with all that interaction with nature the opportunities to seed would be endless.

      1. phuzz Silver badge

        Re: this matters more than people think

        "you would think with all that interaction with nature the opportunities to seed would be endless"

        But they'll try something like "I know, lets just record some noise from the antenna, RF noise is bound to be random!", but once the device is in the outside world, it then turns out that recording direct from the antenna actually produces an easily reproducible sequence because it was just picking up the harmonics from someone's microwave oven (for example).

        Making actually random numbers is hard, you're better off just using 4. It's definitely random because I rolled a dice, and now you can use it too.

  2. Warm Braw Silver badge

    The embedded gear is often based on very low-power hardware

    It's also often attached to environmental sensors and intended to be switched on more or less permanently, so there is potentially the time and the means to increase entropy.

    1. stiine Silver badge

      Re: The embedded gear is often based on very low-power hardware

      Only if you want to wait 3 months before you can use it...

      Alternately, it coud be down to a single badly written library used by all of the vendors, we've seen this before in the cheap video-camera applications.

      1. Brian Miller

        Re: The embedded gear is often based on very low-power hardware

        Besides libraries, some chips with a "High-quality Random Number Generator" fail 50% of the DieHarder test suite.

        Another problem is that the certificates in question could be generated at the factory, right when the device is turned on, with no entropy available because it's on an isolated network with the test machine. Sure, with a tiny bit of work they could get around this, but they just don't do it.

        1. Version 1.0 Silver badge

          Re: The embedded gear is often based on very low-power hardware

          "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." - John von Neumann, 1951

          1. Michael Wojcik Silver badge

            Re: The embedded gear is often based on very low-power hardware

            Anyone who quotes von Neumann on random numbers in a discussion of true1 physical RNGs is in a state of irrelevance.

            1Or, if you believe in strict determinism, intractable physical RNGs. But if strict determinism is true, then you have no free will and thus no choice over whether to split hairs over what might constitute "true randomness", so either you're wrong in your belief or there's no point in reading this footnote. Of course, in the latter case, you have no choice of whether to read the footnote.

      2. mikepren

        Re: The embedded gear is often based on very low-power hardware

        Doesn't it say all the devices are from azure? Surely that's the issue? All that virtulisation means limited entropy feed

      3. DougS Silver badge

        Re: The embedded gear is often based on very low-power hardware

        Shouldn't take months, considering the rate at which PCs can acquire randomness it might take a few hours. So start out using a weak key and then replace it after it has been running long enough to generate a strong one. Not perfect, but better than always using the weak key.

        Alternatively, when first powered on they could connect to home base to get the initial key, and then replace it a few hours later. That prevents the weak key window, but I imagine some people would not be very comfortable with that.

        Maybe some public organization needs to set up an internet accessible source of entropy as a public service, similar to how there are NTP servers as a public service...

        1. Michael Wojcik Silver badge

          Re: The embedded gear is often based on very low-power hardware

          So start out using a weak key and then replace it after it has been running long enough to generate a strong one

          They're talking about the private half of a key pair with an associated certificate, are they not? So replacing the private key would mean requesting a new certificate from the CA and updating that. And that means the device would have to be able to create a CSR (or use some other, almost certainly worse, protocol for the certificate request), contact the CA, and install the new certificate; it's not simply a matter of replacing a single key.

          And the CA would have to be able to verify the identity of the requesting device. It could counter-sign its CSR with its existing key, but the whole problem is the existing key is weak.

          A simpler fix would be to add some better entropy-generating hardware to the device. I don't pay close attention to current research in HRNGs, but I'd bet that even traditional techniques such as Zener diode avalanche noise or reverse-bias transistor noise would improve whatever these weak-key devices are currently doing. These aren't expensive techniques and multiple instances can be run in parallel.

          Of course, as someone else posted above, some of these devices may be getting keys burned in at manufacturing time, and it's simply a matter of better manufacturing.

      4. Wim Ton

        Re: The embedded gear is often based on very low-power hardware

        That is why we (as an IoT manufacturer) inject externally generated key pairs during personalization. We use one of the Gemalto boxes as RNG.

  3. Stoneshop Silver badge
    Holmes

    From the article

    "The widespread susceptibility of these IoT devices poses a potential risk to the public due to their presence in sensitive settings,"

    1. Michael Wojcik Silver badge

      Re: From the article

      The widespread susceptibility of these IoT devices poses a potential risk to the public due to their presence in sensitive settings

  4. Claptrap314 Silver badge

    As always..

    The "S" in "IoT" stands for security.

  5. This post has been deleted by its author

  6. Will Godfrey Silver badge
    Unhappy

    But, but, but...

    Profits!

  7. Mike 137 Bronze badge

    The reality is ...

    The reality is that vendors don't give a fetid dingo's kidneys (to quote Douglas Adams) as long as the crap sells. With negligible exceptions IoT is the biggest con since the South Sea Bubble. Using complicated overkill tech to do simple things like switching on a light or unlocking a door has only one purpose - to sell the complicated overkill tech (and preferably to monetise a data stream from it). But apparently you can fool most of the people most of the time.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020