Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption The Internet Technology

Database of Private SSL Keys Published 200

Trailrunner7 writes "A new project has produced a large and growing list of the private SSL keys that are hard-coded into many embedded devices, such as consumer home routers. The LittleBlackBox Project comprises a list of more than 2,000 private keys right now, each of which can be associated with the public key of a given router, making it a simple matter for an attacker to decrypt the traffic passing through the device. Published by a group called /dev/ttyS0, the LittleBlackBox database of private keys gives users the ability to find the key for a specific router in several different ways, including by searching for a known public key, looking up a device's model name, manufacturer or firmware version or even giving it a network capture, from which the program will extract the device's public certificate and then find the associated private SSL key."
This discussion has been archived. No new comments can be posted.

Database of Private SSL Keys Published

Comments Filter:
  • DD-WRT? (Score:4, Interesting)

    by Cheerio Boy ( 82178 ) on Monday December 20, 2010 @10:09AM (#34615430) Homepage Journal
    So how does this affect things like dd-wrt, open-wrt, and tomato where custom firmware is in place?
    • Re: (Score:3, Informative)

      by Rijnzael ( 1294596 )
      I recently just reinstalled DD-WRT on my router for various irrelevant reasons. However, I had set it up with remote SSH access on a non-standard port so I could tunnel through it to my home web server to retrieve documents and such. I just did this over the weekend, and today (my first day back at work since) I ssh'd into it, and was presented with a prompt by PuTTY to accept the key fingerprint. So, it appears, a unique key is generated at least between firmware installs.
    • Re:DD-WRT? (Score:5, Interesting)

      by blueg3 ( 192743 ) on Monday December 20, 2010 @10:33AM (#34615644)

      DD-WRT, at least, installs with no SSL certificate in place and auto-generates one the first time it starts up.

      This is really the correct solution, and a number of home routers actually do it.

      Of course, there's a tradeoff. If you use a fixed certificate, you can have it legitimately signed. Then, if someone does a man-in-the-middle attack, you get the browser warning that they're using a self-signed certificate. Unless, of course, they're using the real fixed certificate. If, on the other hand, you use an autogenerated certificate, then the self-signed cert browser warning always appears (as you can only autogenerate self-signed certificates). The user learns that clicking through this warning is a necessary part of changing their router configuration. Then, any man-in-the-middle attack works, since anyone can make a self-signed certificate. (Yes, if they or the browser store the original cert and compare it to the new one, then this is no longer an issue.)

      Realistically, I think this is a non-issue. If you're using home routers, they should only be configurable from the wired LAN, and only trusted people should be on that network.

      • If you're using home routers, they should only be configurable from the wired LAN, and only trusted people should be on that network.

        Then what's the polite way to tell house guests why you're not letting them check their Facebook?

        • Silently drop DNS requests to facebook.com and shrug and say it must be a problem at their end when they ask?
          • Silently drop DNS requests to facebook.com and shrug and say it must be a problem at their end when they ask?

            Then they'd try Google, their webmail, and other sites on their Favorites, and see that I'm silently dropping everything. Then they'd bug me to troubleshoot the "problem at their end" for free, and if I refuse to whitelist the MAC of their laptop or tablet, and I further deny them the use of one of my own computers "just for a minute" that inevitably turns into fifteen or more, I'm perceived as inconsiderate.

        • Then what's the polite way to tell house guests why you're not letting them check their Facebook?

          Simple: don't log in to the management interface of your router while you have untrusted house guests. Indeed, a man in the middle can only spy upon a conversation that takes place.

          Now, if your guests ask you to reconfigure your router because they need something special, just pretend you don't know how to do that, or that you forgot your password.

          Or, alternatively, only take in trusted house guests.

          • by tepples ( 727027 )

            if your guests ask you to reconfigure your router because they need something special, just pretend you don't know how to do that, or that you forgot your password.

            I could claim that online games that need incoming connections have to go through a vetting process. But with my disability, I don't know to what extent it'd be considered a dick move.

            Or, alternatively, only take in trusted house guests.

            That'd certainly be a dick move, especially if I am culturally expected to take in members of my extended family and friends of others living with me.

        • Then what's the polite way to tell house guests why you're not letting them check their Facebook?

          This may make no sense whatsoever, but, could you have your wireless access point sitting between your modem and your network - i.e. so that someone accessing the Wi-Fi network does not have access to the internal network. If you want to access something on the network via Wi-Fi, you VPN back into it - everyone gets to access Facebook etc., but not content on your LAN.

          If you need, restrict access to the a

          • by tepples ( 727027 )

            could you have your wireless access point sitting between your modem and your network - i.e. so that someone accessing the Wi-Fi network does not have access to the internal network.

            I could, but most home routers don't appear to support such a VPN setup out of the box, and most end users don't want to sit down for hours reading up on network security principles and the details of how to set up a VPN, especially when VPN is considered a "work thing", not a "home thing". The economies of scale in the home market currently favor devices whose design chooses convenience over security.

            • most home routers don't appear to support such a VPN setup out of the box, and most end users don't want to sit down for hours reading up on network security principles

              A fair point indeed - I guess I was just proposing a solution to the problem, based on my own considerations about wanting to enable guest/visitor Internet access, but not wanting everyone on the LAN, and that it was not necessarily a solution which would be feasible/desirable for everyone.

              Another solution might be Apple's Airport Extreme, which I believe will broadcast a guest Wi-Fi network, which doesn't touch the LAN side.

        • by blueg3 ( 192743 )

          Generally, house guests should be using the wireless network. The router should be configured so that the wired network, but not the wireless, is permitted to access the router configuration.

          • by tepples ( 727027 )

            Generally, house guests should be using the wireless network.

            Then the excuse, based on my experience, would be as follows: "At home, I always used an Ethernet cable with my Xbox 360, so I never felt the need to buy the proprietary wireless adapter that costs as much as two used games [google.com]."

            • by blueg3 ( 192743 )

              I don't understand. Are you saying that you don't have a wireless network at all, or you're talking about house guests using the Internet through your Xbox 360?

              Running your own limited-functionality devices on your wired network is acceptably safe, regardless of who's actually using the device, is permissibly safe.

      • Unfortunately I can't a way to restrict web management to the wired interfaces on my beat up little DD-WRT'd Fonera. Unless of course my eyeballs are failed today that is.

        And anyways that means I'd have to have a wire strung around just to do the management of my wifi. I can do that of course but it's damn inconvenient if I put the router in say the attic or something.
        • by Belial6 ( 794905 )
          It should be at Administration-->Remote Access-->Web GUI Management

          As for stringing cables. If the router is not in a place that you can just walk up to it, having a cable 'strung around' is irrelevant. There are wires strung around your whole house behind the walls, under the floors, and in the attic. If it is where you can walk right up to it, don't leave the cable strung around. Plug it in as needed.

          That being said, security on your router isn't any different than any other security you m
        • by blueg3 ( 192743 )

          If your network is wireless-only, clearly this won't work, and I think it's a fair request to want a wireless-only network.

      • by EdIII ( 1114411 )

        The self-signed certificate applies to a lot of routers for small business and enterprise. It does not make sense to spend that much money just to get a cert from an authority.

        I know that, for at least myself, the answer is VPN. So I am always configuring the routers from the LAN regardless of where I am. As a backup we allow a small number of trusted hosts to manage devices from the WAN. So from the datacenter we can always hit various branch offices and clients without a problem.

        • by blueg3 ( 192743 )

          At the business and enterprise level, it's reasonable to demand more rigor, is all. For example, if you can install your own cert, then you can have your own non-authoritative CA, sign your router certs with that, and install the non-authoritative CA's cert on the machines that need to configure the router. Or, make sure your machines that are allowed to configure the router are using a system where the SSL cert is stored and checked in the future so that you can detect MitM.

          Of course, there's always the wo

      • Thanks for this post. Could you explain why TFA says that DD-WRT routers are affected by this? If they behave as you describe (which is how I thought they behaved) why does the article indicate they are vulnerable to the static ssl key problem? Thanks for any info.

  • Good... (Score:4, Insightful)

    by bhsx ( 458600 ) on Monday December 20, 2010 @10:09AM (#34615432)
    Until Linksys, D-Link, Netgear, et al get their collective heads out their arses, these types of tools are great for pen testing small business networks. Personally, I can't wait for the Android app; maybe I could hack one together and get it out there...
  • VENONA (Score:5, Interesting)

    by schmidt349 ( 690948 ) on Monday December 20, 2010 @10:09AM (#34615438)

    Encryption is only as strong as the idiots who implement it. The Soviets learned that the hard way during the early part of the Cold War, when they accidentally reused random one-time pad encryptors. That led to the NSA's VENONA project, and we decrypted a pretty good amount of Soviet diplomatic and spy traffic before they were tipped off.

  • Old problem (Score:5, Interesting)

    by plsuh ( 129598 ) <plsuh@noSPaM.goodeast.com> on Monday December 20, 2010 @10:16AM (#34615500) Homepage

    Apple ran into something similar a long time ago for Mac OS X Server. The servermgrd daemon uses a self-signed SSL cert by default to secure communications with remote management tools. About four or five versions back the certificate was identical across all installations because it was contained in the installer package. Someone had to go down and show them that you could read all of the traffic by using sslsniff and the private key from your own copy of the installer. They changed to an individual, automatically generated certificate shortly thereafter.

    --Paul

  • Misleading? (Score:3, Insightful)

    by spankers ( 456500 ) on Monday December 20, 2010 @10:25AM (#34615586)

    From the article: "...making it a simple matter for an attacker to decrypt the traffic passing through the device". I'd think it would only be *to* the device.

    • Misleading^2 (Score:5, Informative)

      by formfeed ( 703859 ) on Monday December 20, 2010 @10:48AM (#34615806)

      I'd think it would only be *to* the device

      That, and I think the attacker has to be on the network you're using to administer the device.

      For a home router, with remote administration hopefully disabled, that would be your local net. So, if you have an attacker in your living room https: // 192.0.0.1 (or whatever) won't be any saver than http: // 192.0.0.1

      • by spydum ( 828400 )

        Bingo. If they already have a sniffer on your local network, you were compromised long before they decrypted your routers login.
        Most people send way more information over regular HTTP during the course of the day that you can imagine (people still using non SSL/TLS pop3/imap or SMTP is a great one).

        • If your wifi network is secured with WPA then I think HTTP traffic is encrypted to the router, no? And WPA isn't subject to this vulnerability b/c it has it's own user-generated encryption key, right? So this is only a problem if you're running an open wi-fi network (or using WEP ugh). Am I missing something?

  • by digitaldc ( 879047 ) * on Monday December 20, 2010 @10:30AM (#34615620)
    SSLKeyLeaks
  • "...simple matter for an attacker to decrypt the traffic passing through the device" Wrong. This will only give the attacker the ability to decrypt encrypted sessions to/with the device. Encrypted traffic going through the device to another nonidentical host will use a different private key.
    • Encrypted traffic going through the device to another nonidentical host will use a different private key.

      If you're using your router appliance as the endpoint of an HTTPS tunnel [wikipedia.org], then tunneled HTTP traffic will be unencrypted after it leaves the appliance. It appears this would let someone sniff passwords for blogs, forums, and wikis, many of which don't use HTTPS due to the cost of a hosting plan including a dedicated IPv4 address, if someone can't sniff the route from the proxy to the HTTP site but can sniff the one from you to the proxy.

  • OK, you own a private SSH key of a router.
    Now what?
    Remeber, you got the router key, not Alice's or Bob's!
  • Ok. I'm still not seeing how this would be valuable. To compromise this wouldn't the following things need to be in place?
    1. Router is being configured via wireless.
    2. No encryption on the wireless signal (or signal encryption is known)
    3. Configuring the router via https (common).

    So if I have WPA2 on and configure my router via a wire how would knowing my routers SSL key be all that valuable?

    • by JSBiff ( 87824 )

      Most routers can be configured to allow you to connect remotely over the Internet, using https to 'protect' your admin session. In practice, I don' know why most people would need to do this - for the most part, once you get one of those configured, you basically leave it alone forever. I suppose if you had a need to turn on port forwarding on some port, remotely, perhaps you'd want this. Maybe someone administering the router for a relative, friend, or client might want to enable it.

      In any case, in the sce

  • Do people really change the passwords on their home router?

    I suspect not...so this is pretty much a moot hack. I mean, why go through the trouble of sslsniff when you can just log in as admin/admin?

    http://www.phenoelit-us.org/dpl/dpl.html [phenoelit-us.org]

  • True story - I wrote the SSL/SSH code for an Embedded router a few years ago. I *didn't* specify a hard-coded key -- instead the router would freeze for a few seconds to generate the key when you first activated SSL or SSH (only the management CPU froze - traffic still went through). The router's CPU was pretty crappy - it took quite a while to generate a 2048-bit key pair.

    You can't imagine the amount of griping this slowdown caused from the product/marketing teams. They really really wanted it hard-co

  • A possible security control for home networks would be to disconnect from the public network when you are doing administrative work on the router. Then unless the attacker has already placed a sniffer on the home network, the encrypted login credentials would not be visible from the public network while the administrative work was being done.

    If the work involves the public network, perhaps the approach would be to disconnect during the login process and reconnect afterward. That might not prevent the atta

"The medium is the message." -- Marshall McLuhan

Working...