back to article Shodan boss finds 250,000 routers have common keys

More than 250,000 routers used in Spain, and thousands more used in other countries, are using the same SSH key says Shodan kingpin John Matherly. The routers appear to be sold by Telefónica de España, according to Matherly, and are pre-configured with a single operating system image. The gaffe means the probable small …

  1. Flocke Kroes Silver badge

    Linus's public key on 100000 computers!

    If someone finds Linus's secret key, all those computers could be fooled into thinking Linux signed some source code that he didn't! Even worse, type:

    gpg --recv-keys 79BE3E4300411886

    and you get a copy of Linus's public key, and something similar will get you anyone else's (if they have one). It is almost as if public keys were available to anyone!

    The routers have two obvious uses for ssh keys. One use is for authenticating the router - in which case the same secret key is on every router. I could copy that key to another device, and the telco could be fooled into thinking they are talking to any one of their routers when they are really talking to my laptop.

    The other use is for remote administration. Each router could have its own key. When the telco does an update, the computer doing the update needs to know the secret key for every router. If a cracker can get one, she can get any or every secret key, so having only one key does not remove any security.

    What is the issue here?

    1. Dan 55 Silver badge
      Holmes

      Re: Linus's public key on 100000 computers!

      What's the difference between cracking two private keys and 350,000 (the number of routers in the two batches) private keys? Um, that's a tough one.

      1. Flocke Kroes Silver badge

        @Dan 55

        You are not making any sense. You can try to crack a public key - create the secret key by factorising the public key. You can try to crack an encrypted secret key by guessing the password. Even when I did not know which key this was about, the private key/keys were not encrypted. The challenge is to steal the unencrypted key/keys from where they are stored.

        1. Dan 55 Silver badge

          Re: @Dan 55

          Presumably if the same firmware image is replicated across a batch of 200,000 routers and another OS image is replicated across 150,000 routers, if all routers in each batch have the same public key, then all routers in each batch could also have the same private key.

          If this is so then you need to concentrate your efforts on one router from each batch and you will get keys which are good for 350,000 routers.

          1. Flocke Kroes Silver badge

            Re: @Dan 55

            A public key is the product of two large primes. The corresponding private key is the two primes not multiplied together, but in either order, so there are only two possible private keys. It is almost certain that if two public keys are the same, then so are the private keys. In this case, any competent cracker with physical access to the device can read the unencrypted private key. (In the other case, any cracker able to get the unencrypted private key from the telco could just as easily get every unencrypted private key if they were all different). There is nothing to decrypt here.

            If all the keys were different, and I had physical access to Alice's router, I could install my device that can pretend to the telco that it is Alice's router. As all the keys are the same, I cannot do that because the telco knows beyond all possible doubt that the secret key is not secret.

            <voice style="John Cleese/Romanes eunt domus">

            If understanding this is beyond the ability of the average commentard, imagine the near impossibility of explaining to a PHB why the telco needs to spend money maintaining a database of which customer has which key. If by some fiendishly cunning stratagem you sneak the database into the telco's budget how on earth are you going to explain what is going on to the customer when his router does not have the secret key in the database?

            </voice>

            1. John H Woods Silver badge

              Re: @Dan 55

              "A public key is the product of two large primes" - Flocke Kroes.

              It's not usually as simple as that; and if you are thinking of the RSA cryptosystem the public key is an exponent and a modulus, whilst the private key is another exponent (and the same modulus).

              I may be missing something here but ... when you ssh to a router, you check the public key is the one that you expect, then you store it. So, the small problem is that, as they all have the same public key, you could mistakenly recognise another router for your own. But the big problem is that they all have the same private key, as you said. So if you go and buy a router at the shop, and extract its private key, you now have the private key for tens of thousands of routers, rather than just for the router you have purchased.

    2. Flocke Kroes Silver badge

      Found which key it is:

      Dropbear's banner tells you the public key used to authenticate the device, so the secret key is on the device. With physical access and a little hacking, you can copy the secret key to some other device. You can put some other device where the router is, and when the telco tries to log in, you can fool them into thinking your device is the router they supplied.

      As the same key is used by many routers, if you can get between the telco and someone else's router, you can convince the telco that they are updating the customer's router when they are really talking to yours. This leaves the customer's router with out-of-date software.

      Now imagine what changes when every router has its own key. The telco could keep a database of which key belongs to the router of each customer. When they do updates, they can check that they are talking to a device with the right secret key. If they assume someone with physical access to the router did not copy the key to another device, then they can have confidence that they are updating the router in the customer's home and not some man-in-the middle device.

      I can easily imagine the majority of ISP's not bothering to maintain the database. Pretend one does, and finds the wrong key where they expect a customer's device. There are plenty of legitimate reasons: mixing up which device went where so the database is wrong. The customer using his own router - and giving the unused one to a friend whose router broke. The customer generated a new key pair, or the NSA are preventing router updates. So the telco knows something is going on. What are they going to do?

      Email the customer man in the middle with an explanation of the issue? Phone up the customer and explain what a secret key is?

      Is there a genuine threat that could realistically be countered by telling each router to generate its own keys? If all the keys were different, would you assume that your new device is the only place where the secret key is stored?

    3. I. Aproveofitspendingonspecificprojects

      Ramifications

      I am a bit thick when it comes to stuff like this. What is the meaning for settled law cases where people have been found guilty of piracy and they claimed innocence?

      Will every case in (presumably) the western world have to go back to court or will everyone get a free pass/pardon/whatever?

      (Just hoping that the people who claim they own all the music in the world will go broke paying back the damages they "claimed".)

  2. Anonymous Coward
    Anonymous Coward

    People never seem to learn. A monoculture is a bad thing.

    Having all of one ISPs customers on one hardware box with a flaw is a godsend for the DDOS kiddies.

    1. Flocke Kroes Silver badge

      I am Brian and so is my wife

      Everyone with one of these routers can find the private key. If the key is not on the internet already it will be soon. Everyone who knows how to set up an ssh server will be able to pretend that their box is one of the 250,000 routers. After they have stolen all the underwear, how to they profit?

  3. Anonymous Coward
    Anonymous Coward

    Shodan, where have I heard that name...?

    Oh yes, I know, I see 'shodan.io' appearing in log files on a fairly regular basis as they test my mail server several times a month which seems to be essential to their 'probing services' that perform no useful function other than as a script-kiddie or spammer targeting selector. Seriously, you don't have to make it easier for them, just piss off and find something useful to do.

    Sorry, that sounded childish. Well done for publishing a list of IPs of people who did not previously know that they could hack each other. Pillocks.

    Along with everyone else who performs this kind of 'service', TLS probes (why?), relay probes (not spammers and not acting on behalf of complainants either, of which there have been zero), email address verification (just send the email, if you can't cope with bounces you shouldn't be running a mailing list), and amazon compute instances that don't need direct outside access to port 25, so who are the ones creating opportunities for the most trouble? The kids/spammers who use the lists or those who create and publish/leak them in the first place?

    Anon because this ended up being more about venting steam than anything else.

  4. Anonymous Coward
    Anonymous Coward

    If they have the same public key, they have the same private key. Got one, got them all. That can be used for channel sniffing, revealing my user name and password. Open exploit if any of these are wireless devices. In some neighborhoods your neighbours will do this.

    Apart from that,

    Public keys are used to encrypt communications. Private keys are used to decrypt communications. Anyone who knows your public key can use it to encrypt communications with you. This is security by obscurity: this obscure encrypted communication is normally used to exchange session keys, which provide actual security.

    Knowing this security-by-obscurity public key, I can set up a secure session with my router, and use that session to send a login password to my router. Knowing the same obscure public key will not help anyone decrypt the secure key exchange or the password, since the secret key is needed for the first, and the exchanged key for the second.

    However, knowing the security-by-obscurity public key will allow any user to connect to my SSH channel, a first step required to guessing or forcing my password.

  5. David Roberts

    Just checking...

    So the threat is that if:

    (1) remote management is enabled

    (2) the router has the default admin user/password

    then bad people could ssh into your router and change stuff (like your DNS server)?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like