‘Alarming’ vulnerabilities discovered in RSA security for IoT

The vulnerability could leave cars, medical implants, and other critical devices open to attack.
16 December 2019

The exponential growth of the Internet of Things (IoT) is driven by technological advancements such as artificial intelligence (AI), big data, and next-gen networks like 5G.

Developers and manufacturers are driven to design and deploy IoT at large scale, often with futuristic features but, as is becoming increasingly apparent, with compromised security systems.

These devices can be found in settings such as hospitals, retail, and the automotive industry, where sensitive data (financial and personal-health records, for example) are stored, shared and used. Given the importance of securing this information, robust security standards are imperative.

RSA is one of the first public-key cryptosystems and is commonly used to securely transmit data to a remote source. The cryptosystem uses two keys: the encryption key is public and the decryption key is kept private.

Research by Keyfactor revealed that 1 in every 172 active RSA certificates is susceptible to cyberattacks. In the study, researchers analyzed more than 170 million RSA certificates and keys used to protect real-world Internet traffic.

Ted Shorter, Chief Technology Officer and co-founder at Keyfactor, was alarmed by the results.

“The research finds inordinate rates of compromise impacting IoT devices with design constraints and limited entropy. These devices could include cars, medical implants, and other critical devices, that if compromised, could result in life-impacting harm,” Shorter shared.

In the research, active and publicly available RSA public keys (whose modulus is the product of two large, randomly chosen primes) were mined to identify common factors. Any key sharing one of its prime factors with another key is compromised by this technique. The analysis found over 435,000 certificates with a shared factor, allowing researchers to re-derive the private key.
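The shared-factor check described above can be run by a manufacturer over its own certificate inventory to find keys that must be reissued. The following is an added example, not code from Keyfactor's research or from this article; the device names and toy moduli are constructed, and `audit_moduli` is a hypothetical helper name.

```python
from math import gcd, prod

# Constructed sample inventory: toy moduli built from small, well-known
# Mersenne primes, standing in for RSA moduli read from your own device certs.
M17, M19, M31 = 2**17 - 1, 2**19 - 1, 2**31 - 1
M61, M89, M107, M127 = 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1
SAMPLE_INVENTORY = {
    "sensor-a": M61 * M89,    # low-entropy boot: same first prime as sensor-b
    "sensor-b": M61 * M107,
    "gateway":  M31 * M127,   # healthy: shares nothing with the others
    "cam-1":    M17 * M19,    # identical key pair generated on two devices
    "cam-2":    M17 * M19,
}

def audit_moduli(inventory):
    """Return {device: finding} for every modulus that shares a factor."""
    total = prod(inventory.values())
    findings = {}
    for name, n in inventory.items():
        # gcd of n with the product of all *other* moduli in the inventory.
        # A result of 1 means n has no prime in common with any other key.
        g = gcd(n, (total // n) % n)
        if g == 1:
            continue
        if g == n:
            # Product of the others is a multiple of n: either the whole key
            # is duplicated, or both primes appear in other keys.
            findings[name] = "duplicate-or-fully-shared"
        else:
            # Exactly one prime is shared; the key must be treated as
            # compromised and the certificate reissued from a fresh key.
            findings[name] = "shared-prime"
    return findings

if __name__ == "__main__":
    for device, finding in audit_moduli(SAMPLE_INVENTORY).items():
        print(f"{device}: {finding} -> revoke and regenerate with a seeded RNG")
```

The duplicate case matters for IoT fleets because devices that boot with identical entropy can generate the same key pair, which a plain pairwise GCD reports only as the modulus itself.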

JD Kilgallin, Senior Integration Engineer and Researcher at Keyfactor, explained that in a real-world attack scenario a threat agent could impersonate a server using a re-derived private key for an SSL/TLS server certificate.

“The connecting user or device cannot distinguish the attacker from the legitimate certificate holder, opening the door to critical device malfunction or exposure of sensitive data,” Kilgallin warned. 

Device malfunction and exposure of personal data in healthcare or automotive settings would lead to dire consequences. Hence, the study stresses the importance of security best practices, a random number generator for connected systems, and the use of cryptography to securely install firmware and software, with continuous updates throughout the lifecycle of the device.

Essentially, device manufacturers need to make security by design a top priority, ensure that the devices they develop have access to sufficient entropy, and abide by best practices in cryptography to protect consumers.

“As is generally the case with cryptographic flaws, this issue is due to a fault in the implementation rather than any weakness with the underlying mathematics,” said Michael Barragry, operations lead and security consultant at edgescan.

“Public key certificates are one of the key pieces of infrastructure that enable various devices and servers to securely identify and trust each other. If a malicious actor can successfully spoof a certificate for a particular device, they can essentially masquerade as that device. Depending on the trust chain that it lies within, multiple further attacks may be possible.

“Vendors need to be conscious of the potential upstream impact of all design decisions, as in this case it seems like an innocuous shortcut around random number generation has given rise to a much more serious flaw,” Barragry advised.

“End-users should ensure that all devices in their infrastructure are kept patched and updated with the latest firmware. Devices of higher criticality should use multi-factor authentication for an additional layer of security.”