You would think people would be be taken aback if someone suggested saving money by using the same key on every new house built in a neighbourhood, if so you don't work for companies developing hardware for the Internet of Things. In a recent survey of 4,000 embedded devices from 70 hardware makers, Sec Consult found that many had the same hardwired SSH login keys and server-side SSL certificates. The numbers they provided The Register were a total 580 private keys were found distributed over all the analyzed devices, of which at least 230 are in already in use on the internet. To be fair this is not uncommon in consumer level firmware as companies do not even bother to check over the source code let alone change the security keys held within but it is a huge security risk. For a glimpse at how bad some of these supposedly secure certs and keys are read on at The Register.
"Lazy makers of home routers and the Internet of Things are reusing the same small set of hardcoded security keys, leaving them open to hijacking en masse, researchers have warned."
Here is some more Tech News from around the web:
- Nest defends web CCTV Cam amid unstoppable 24/7 surveillance fears @ The Register
- Fedora 23: An Impressive Release for Advanced Linux Users @ Linux.com
- Raspberry Pi Zero: £4 PC aims to bring machine to more hands @ The Inquirer
- It is now possible to unlock a Windows Lumia Phone for root access @ The Inquirer
- Samsung is mass producing 'Through Silicon Via' DDR4 memory in 128GB modules @ The Inquirer
- Defeating Chip and PIN With Bits of Wire @ Hack a Day
- Critical Zen Cart Vulnerability Could Spell Black Friday Disaster For Shoppers @ Slashdot
- Nvidia Shield Android TV @ eTeknix
Yes with everybody and their
Yes with everybody and their dog, hamster, whatever using the same supplied codes. The people in today’s technology/IOT market are the equivalent of the shysters, the grifters, and the snake oil salesmen of earlier times. And if you expect the Ad revenue driven businesses of today to be anymore honest and respecting of your privacy as the ad driven industries of the past, then you are a total brain dead moron!
It’s all about selling you a load of goods and nothing more! The spyware infested toasters and toothbrushes are just there to profile you, the better it is to pull one over on you and separate you from your money! They want domesticated Turkeys, Turkeys so inbred and dumb that they will drown to death in a rain storm, too dumb to get cover or to stop inhaling when their noses are filled with rain water. These IOT folks can never be trusted, don’t be a domesticated Turkey and fall for their lies!
“…don’t be a domesticated
“…don’t be a domesticated Turkey and fall for their lies!”
Honestly, its already too late for most. They just cant help it at this point.