Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Database of Private SSL Keys Published

CmdrTaco posted more than 3 years ago | from the but-those-are-secret dept.

Encryption 200

Trailrunner7 writes "A new project has produced a large and growing list of the private SSL keys that are hard-coded into many embedded devices, such as consumer home routers. The LittleBlackBox Project comprises a list of more than 2,000 private keys right now, each of which can be associated with the public key of a given router, making it a simple matter for an attacker to decrypt the traffic passing through the device. Published by a group called /dev/ttyS0, the LittleBlackBox database of private keys gives users the ability to find the key for a specific router in several different ways, including by searching for a known public key, looking up a device's model name, manufacturer or firmware version or even giving it a network capture, from which the program will extract the device's public certificate and then find the associated private SSL key."

cancel ×

200 comments

Sorry! There are no comments related to the filter you selected.

what? (1)

Anonymous Coward | more than 3 years ago | (#34615336)

What is the consequence of this?

Re:what? (5, Informative)

Rijnzael (1294596) | more than 3 years ago | (#34615390)

Presumably it will allow an attacker the ability to listen passively for traffic between a router administrator and the router itself, allowing the attacker to gather login credentials and use them to whatever ends they intend.

Re:what? (1)

Lord Byron II (671689) | more than 3 years ago | (#34615410)

So what's the attack scenario? I'm at work and a malicious co-worker can use this against me, how?

Re:what? (3, Informative)

bunratty (545641) | more than 3 years ago | (#34615444)

They can get your password as you send it to the router, even though the password is encrypted.

Re:what? (2)

skids (119237) | more than 3 years ago | (#34615460)

You are at work and you decide to login to your home router's web server to look at statistics or make a change or whatnot.

A coworker sniffing your https traffic can decode it because he has the key. He can then see your administrative password and login to your router.

Re:what? (2)

AliasMarlowe (1042386) | more than 3 years ago | (#34616642)

You are at work and you decide to login to your home router's web server to look at statistics or make a change or whatnot.

Administering a home router from outside the firewall was already known to be foolhardy. How many people allow remote administration of their router? If a home server is also hosted on the router, or is protected from remote administration only by the router, then it is also placed at risk by allowing remote administration of the router.
Our router only accepts administration from behind its firewall. Our web server only accepts administration from a subset of IP addresses behind the firewall (and not including the router). Hell, even the printer is set up that way.

Re:what? (5, Informative)

Rijnzael (1294596) | more than 3 years ago | (#34615480)

1) Router administrator negotiates an HTTPS or SSH session with a router or other hardware
2) Attacker is either listening passively or is a man in the middle (via ARP poisoning or what have you). Because they have the private key, they can advertise themselves as being the router without raising the alarm with your SSH client or browser
3) You provide credentials to the router (or MITM). The credentials are logged by the attacker
4) You proceed to do whatever you intended to do in the router's configuration, and log out.
5) Some time later, the attacker logs into the router as you, and makes nefarious changes to the router configuration (such as uploading compromised firmware which logs traffic, or has a backdoor, etc). Any changes done look like they've been done by the router administrator.

I don't know how likely this is in a work scenario though; I haven't searched the database for common mid-level to enterprise routers/remotely configurable switches. More than likely, in a work situation, you'd be using hardware which generates a key pair upon initial configuration. The scenario above is more likely to apply to SOHO, or to consumer wireless hardware in the home.

Re:what? (3, Interesting)

cgenman (325138) | more than 3 years ago | (#34615516)

More than likely, in a work situation, you'd be using hardware which generates a key pair upon initial configuration. The scenario above is more likely to apply to SOHO, or to consumer wireless hardware in the home

I'm vaguely shocked that any home routers would be using hardcoded private keys. That would be like every Schlage front door knob having identical keys. It's not just a mistake, it's extremely negligent security 101.

Re:what? (1)

Thinboy00 (1190815) | more than 3 years ago | (#34615598)

The companies that make these things are interested in interoperability, price, and security theater. Note that real security isn't on that list.

Re:what? (0)

Anonymous Coward | more than 3 years ago | (#34615602)

Blame browsers.

Every browser insisting that a self-signed certificate is less secure than non-encrypted http would probably play a big role in why router manufacturers have chosen hard-coded keys rather than auto-generated ones.

Re:what? (1)

0123456 (636235) | more than 3 years ago | (#34615700)

Every browser insisting that a self-signed certificate is less secure than non-encrypted http would probably play a big role in why router manufacturers have chosen hard-coded keys rather than auto-generated ones.

Yeah, because we should allow our browsers to accept a self-signed key for www.mybank.com in order to make life easier for router manufacturers.

Totally.

Re:what? (1)

DarkOx (621550) | more than 3 years ago | (#34615876)

Self signed certificates are ALWAYS more secure if you can trust the issuer. For instance if I went to my local bank branch and the manager there handed me a key in person and told me to go home and install it to validate their online site, that would be better than the Verisign cert they use now.

It only requires I trust the bank and not a third party CA as well, which I know from experience buying them that they don't always do the due diligence correctly.

The practical way to do this for the home routers is this:

Let the use wire it up and connect to it the first time, the WAN port is shutdown at this point.

When the first connection is made the router uses a hard coded CA signed certificate.

The router generates a new certificate and self signs that certificate.

The user is instructed to download the public part, and import it into their browser, operating system key store, or whatever on the devices they want to use. If they will be connecting from remote sites encorage them to put a copy on a USB stick. For Windows users this is A ONE CLICK OPERATION so not a big deal.

The use returns to the router config URI and continues setup.

In the case of the bank (1)

tepples (727027) | more than 3 years ago | (#34616042)

For instance if I went to my local bank branch and the manager there handed me a key in person and told me to go home and install it to validate their online site, that would be better than the Verisign cert they use now.

Would they hand it to you on a CD? Tablets and netbooks don't have internal optical drives, nor do they necessarily come bundled with an external one. On a USB flash drive? Netbooks have USB host ports, but tablets and phones often (usually?) don't, and furthermore, blank USB flash drives are fairly expensive at retail (I don't know about wholesale). Besides, a targeted worm like Stuxnet could dick with the program that installs it to the operating system's key store, especially due to lack of file permissions on removable media such as USB flash drives.

Re:what? (0)

Anonymous Coward | more than 3 years ago | (#34616406)

He can still do something similar, he can dictate/print out the private key fingerprint for you.

Re:what? (1)

0123456 (636235) | more than 3 years ago | (#34616492)

Self signed certificates are ALWAYS more secure if you can trust the issuer.

How do you trust the issuer when you don't have any way to know who the issuer is?

For instance if I went to my local bank branch and the manager there handed me a key in person and told me to go home and install it to validate their online site, that would be better than the Verisign cert they use now.

Dude, that key was created by an Elbonian hacker who's now going to steal your bank account thanks to his friend at the bank handing it out to customers who are dumb enough to trust a random self-signed certificate that's handed to them.

Re:what? (1)

mlts (1038732) | more than 3 years ago | (#34616178)

Ideally, browsers should have three SSL security levels:

Self-signed SSL cert. For the average user, it shouldn't bring up a lock icon, but something different saying the site is using some basic, untrusted cryptography to communicate.

CA certs. Usual lock icon. Perhaps a green lock icon for the EV certs. I'd like to see a "temperature gauge" with CA certs, because I trust Verisign, Thawte, RSA, and Symantec far more than I do some CA in Elbonia who happens to have their root cert marked as trusted in the browser.

Certs that are explicitly trusted, where the key ID, fingerprint, and other information is marked as secure in the browser. The SSH protocol does this; shouldn't browsers do this especially if you know what key you are communicating with? This way, no jacked CA could say a bogus key is real. You either communicate to the right key, or it gets rejected.

As a stopgap measure, Web browsers should have the option to notify you if a cert changed, and show it. The Certificate Patrol add-on in Firefox does this, but this should be built into the browser.

Re:what? (2)

0123456 (636235) | more than 3 years ago | (#34616442)

Ideally, browsers should have three SSL security levels:

Self-signed SSL cert. For the average user, it shouldn't bring up a lock icon, but something different saying the site is using some basic, untrusted cryptography to communicate.

'Average users' are precisely the kind of people who have to be beaten over the head with the fact that they're connecting to a site with a self-signed certificate. Average users typically don't check for a lock icon in the first place, so they're sure as hell not going to check for a self-signed certificate icon.

The real problem is that the entire CA model is fundamentally broken, not that browsers give warnings for certificates that might be OK or might be an Elbonian hacker trying to steal your bank account.

The cost of CA-signing each key (0, Redundant)

tepples (727027) | more than 3 years ago | (#34615624)

I'm vaguely shocked that any home routers would be using hardcoded private keys. That would be like every Schlage front door knob having identical keys.

But I can guess why it probably happened. Before StartCom started offering a gratis SSL certificate to the owner of a domain, it cost a substantial chunk of change to get an HTTPS server's public key signed by a certificate authority on the major web browsers' root CA lists. So instead, home web appliance makers used one key, got it signed once, and shipped it in every device of a given model. In order to generate individual keys per device, an appliance maker would have had to A. include the price of a CA-signed SSL certificate in the wholesale price, B. include a CD that installs the appliance maker's root certificate (and hear whining from Mac/Linux users that the EXE doesn't run), or C. register as a CA with each of the major web browser makers.

Re:The cost of CA-signing each key (5, Informative)

ArsenneLupin (766289) | more than 3 years ago | (#34615828)

Where is the misinformative label when you need it?

This has zit to do with certification authorities, because the certificate would not be recognized as valid by any browser, because the DNS name would not match. And no certification authority worth their salt would sign a certificate for 10.0.0.1 or similar nonsense.

So, the solution would be D. generate a unique private/public key pair for each device, and have the user manually accept the certificate as an "exception" on first usage. Which he has to do anyways, even if all routers use the same certificate.

Moderators, please don't mod articles about certificates if you don't understand how certificates work.

Re:The cost of CA-signing each key (1)

tepples (727027) | more than 3 years ago | (#34615872)

the certificate would not be recognized as valid by any browser, because the DNS name would not match. And no certification authority worth their salt would sign a certificate for 10.0.0.1 or similar nonsense.

Which is why the built-in DNS server on e.g. NETGEAR routers points routerlogin.net to the appliance's private IP address.

Re:The cost of CA-signing each key (1)

ArsenneLupin (766289) | more than 3 years ago | (#34615954)

Which is why the built-in DNS server on e.g. NETGEAR routers points routerlogin.net to the appliance's private IP address.

Smart...but it would have to be routerlogin.netgear.net or else no CA would sign this.

hmmm... but:

> dig routerlogin.netgear.net
; > DiG 9.7.1-P2-RedHat-9.7.1-2.P2.fc13 > routerlogin.netgear.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25491
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;routerlogin.netgear.net. IN A

;; ANSWER SECTION:
routerlogin.netgear.net. 3531 IN A 64.95.64.197

;; AUTHORITY SECTION:
netgear.net. 172731 IN NS ns.buydomains.com.
netgear.net. 172731 IN NS this-domain-for-sale.com.

;; ADDITIONAL SECTION:
ns.buydomains.com. 7131 IN A 64.95.64.93
this-domain-for-sale.com. 3531 IN A 206.83.79.30

;; Query time: 24 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 20 16:58:01 2010
;; MSG SIZE rcvd: 155
And you are positively sure that the certificate of your router is really signed by a CA, and that you didn't have to "accept" it on first login?

Re:The cost of CA-signing each key (1)

AndrewNeo (979708) | more than 3 years ago | (#34616152)

Except Netgear owns netgear.com, not netgear.net..

Re:what? (1)

SydShamino (547793) | more than 3 years ago | (#34615970)

That would be like every Schlage front door knob having identical keys.

They (mostly) all do - it's the Bump key [google.com] .

Re:what? (2)

mlts (1038732) | more than 3 years ago | (#34616102)

+1

Any device made by a sane security designer would either generate a key pair where a cert would be sent to the device maker to be certified, or have a unique private key installed at the factory where it can be signed with a CA before it ships (although this gives the issue of trusting pre-generated keys even though they are individual and different per device.)

With how brutal attacks through the Internet are, this is bordering on criminal negligence on a massive scale.

Of course, it looks like the only way to get around this (assuming the Web server on the WAN side can be disabled) is to have ssh available, ssh in to a hardened machine on the inside (that has a unique, known key), then view the config page with a browser. Even VPN connections couldn't be trusted.

Re:what? (0)

Anonymous Coward | more than 3 years ago | (#34615736)

I don't think anything but a Man-In-The-Middle Attack would work. The keys in the database are only used for authentication, not for encryption of the remaining traffic. After the authentication, new keys are negotiated, e.g. via Diffie-Hellman.

Re:what? (1)

Rijnzael (1294596) | more than 3 years ago | (#34615754)

If you can get the symmetric key negotiated between the two hosts, what's stopping you from using it to decrypt subsequent traffic?

Re:what? (1)

Anonymous Coward | more than 3 years ago | (#34615992)

You can not get the key that is used for traffic, because that key is not related to the certificate's private key. D-H key exchange [wikipedia.org] "allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel". Having the private key of the certificate does not per se affect the security of the later communication, except if a MITM-Attacker performs the key exchange on your behalf.

Re:what? (1)

Amouth (879122) | more than 3 years ago | (#34615928)

rather than a router i could see this being used to compromise VPN concentrators and things of that manner - as then not only can you give your self access to other resources but at the same time you can skim more credentials than just the admin for that device - which would then allow you to get just about anywhere you want.

Re:what? (1)

SilverJets (131916) | more than 3 years ago | (#34616286)

Even better than this. I'm at home. There is a single ethernet cable directly between my computer and my router.

This affects me how? It doesn't.

Re:what? (0)

Anonymous Coward | more than 3 years ago | (#34615414)

none of my (consumer) routers or access points use https anyway... all the administration interface is done unencrypted.

Re:what? (0)

Anonymous Coward | more than 3 years ago | (#34615848)

So it seems like this vulnerability is of no concern to me if I'm not trying to configure my router from outside my network. If I'm sitting in my home using my network, and I access my router's config web page, that traffic never passes through the router to the public internet. Correct? It seems like the solution is to not manage your router from any location except locally. That's a minor inconvenience, but not surprising for a sub-$100 piece of hardware.

Re:what? (2)

skids (119237) | more than 3 years ago | (#34615412)

People who use the stock firmware on APs and other embedded devices will be using cryptography that is actually easily breakable, because these devices usually do not offer the option of regenerating a private key specific to the device (and even when they do, hasty consumers won't regen a key anyway.)

Posted on Google Code (1, Interesting)

Toe, The (545098) | more than 3 years ago | (#34615340)

Here's Google's wikileaks-like test. The database is posted on Google Code [google.com] . Will they remove it?

Re:Posted on Google Code (1, Troll)

Amorymeltzer (1213818) | more than 3 years ago | (#34615474)

Before leaving China, Google censored search results. Hell, Google's altered their algorithm within days of a NYT article about how a sham business survived because of all the bad press he got. They've blocked certain searches, such as those used to find site vulnerabilities.

I'm a big Google fan, but I don't think we need any more tests to see that Google will play ball against certain baddies.

It's open (0)

Anonymous Coward | more than 3 years ago | (#34615352)

Who left the backdoor open?

Re:It's open (1)

Opportunist (166417) | more than 3 years ago | (#34616582)

The ... nice person who thought it's smart to hardcode private keys.

Great Work! (0, Troll)

Anonymous Coward | more than 3 years ago | (#34615370)

Great work! Keep it up!

Information shouldn't be kept private, which is why I support projects like this and Wikileaks!

Re:Great Work! (5, Insightful)

bunratty (545641) | more than 3 years ago | (#34615420)

So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?

Re:Great Work! (5, Insightful)

gstoddart (321705) | more than 3 years ago | (#34615472)

So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?

No, like most people who say that ... he only supports someone else's information being made public.

Re:Great Work! (0)

Anonymous Coward | more than 3 years ago | (#34615502)

nothing is "being made public" it already *IS* public

if you find my bank details programmed into the firmware of a router then by all means put it online. I would deserve it...

Re:Great Work! (2)

cyber-vandal (148830) | more than 3 years ago | (#34615686)

Netgear, Belkin and the rest might deserve it but I don't. This is really lazy on the part of router manufacturers and I'm looking for a new one right now. Hopefully I can find one where the manufacturer doesn't suffer from a common sense failure.

Re:Great Work! (1, Insightful)

migla (1099771) | more than 3 years ago | (#34615670)

So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?

No, like most people who say that ... he only supports someone else's information being made public.

There's a difference between exposing information about the misuse of power by a powerful individual or organization and information that only exposes a little person for abuse.

If absolutely all information wants to be free in some sci-fi quantum future, we'd better see to it that we go there with the big baddies transparent before they have all the dirt on all of us little regular people.

We do this by exposing the big bad lies while fighting to keep our little secrets.

Re:Great Work! (1)

pentadecagon (1926186) | more than 3 years ago | (#34615778)

I beg to differ. Private information should of course remain private, nobody argues against that. But here we talk about public Information, "public" in the sense that it is freely available anyway, just slightly harder to come by. This database isn't an original publication, it merely collects the published keys in order to make them easily accessible.

Re:Great Work! (0)

Anonymous Coward | more than 3 years ago | (#34616330)

So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?

No, like most people who say that ... he only supports someone else's information being made public.

Actually, it was sarcasm.

It's a nuanced case (2)

tepples (727027) | more than 3 years ago | (#34615528)

So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?

This is one of the stock answers to the "information should be free" in copyright debates. The stock counter to that is that published credentials, such as passwords and the like, have little or no legitimate use other than to defraud people who do business with the rightful owner of the credentials. But this situation is far more nuanced than the typical use of this answer. Publishing an RSA private key almost sounds like publishing passwords, as an RSA key is a credential used to sign communication between a router and an end user administrator, but it's something that the router makers are distributing anyway as part of router firmware. The parallel with Wikileaks is that creating a repository of such keys is a way of pointing out the flaw in a cryptosystem where all devices have the same private key.

Re:It's a nuanced case (1)

Neil_Brown (1568845) | more than 3 years ago | (#34615566)

The stock counter to that is that published credentials, such as passwords and the like, have little or no legitimate use other than to defraud people who do business with the rightful owner of the credentials.

However, none of that information (passwords, social security number etc.) is likely to be within the scope of a copyright regime, and so, from a copyright point of view, is unlikely to be restricted. As such, someone publishing someone else's bank account number is unlikely to be infringing the copyright of either customer, or of the bank?

Re:It's a nuanced case (1)

bunratty (545641) | more than 3 years ago | (#34615590)

The parallel to my post is that reminding the OP of the information he wants to be kept private points out the flaw in his argument that no information should be private.

Re:Great Work! (1)

Thinboy00 (1190815) | more than 3 years ago | (#34615638)

The AC is a straw man. Real "info wants to be free" people only want the info of companies, organizations, governments, etc. to be free. Julian Assange himself watches his own privacy very carefully [reuters.com] .

Re:Great Work! (0, Offtopic)

GooberToo (74388) | more than 3 years ago | (#34615944)

Recently watched a documentary about Wikileaks [youtube.com] and Julian Assange. My favorite Julian Assange quote is now, "Why do it? Killing people is fun." While he said it talking about the only possible motive for military people (soldiers on the ground), the fact is, he honestly believes, "killing people is fun." That's a seriously sick person. The fact is, those in the mental health community will tell you Julian's assessment has absolutely no basis is fact or reality; which further stresses he is projecting his own mentality that, "kill is fun." I also enjoyed the part where he hypocritically states that governments are wrong for doing exactly what he's doing, but its okay because he's not them (paraphrasing) and that furthermore, the means justify the end - so long as its him and not soldiers or the military. Again, a seriously hypocritical, deranged person.

Not hard to see why Wikileaks has discarded him and why some are so willing to get distance between themselves and the fucked up person known as Julian Assange. Some are even starting whole new leak organizations so as to completely cut ties between themselves and the deranged and mentally imbalanced Julian Assange.

Julian Assange is likely the best propagandist machine known to the world since the rise of the third reich. No joke. One of the videos which really catapulted him/them into fame is completely out of context and provided by absolutely no back story to properly stage it. In doing so, they provided propaganda (less than half of the actual story) and no meaningful information or facts. Basically this is what is called lies by omission. You can argue it was the media's job to properly collect facts and back story, but it doesn't help that he purposely paints and factually false picture to the world. This is what is called propaganda [wikipedia.org] . So where are the leaks about wikileaks lying at worst and misleading at best?

Meanwhile, some of the lessor known videos (also viewable in the documentary above) should have taken center stage. Contrary to the propaganda and massive ignorance associated with one of the well known videos (reporter/helicopter gunships), some of the others actually do depict war crimes and violations of the Geneva Convention. And yet what got people upset was war ignorantly framed for purely propaganda's sake.

Wikileaks has no credibility at this point for anyone who believes otherwise is ignorantly working as a tool for propaganda and Assange's agenda. Basically, anyone who still believes Assange has credibility is a tool.

I very much hope replacements for Wikileaks become visible very soon and that they are capable of doing what Assange managed to completely destroy and discredit in a matter of months.

Re:Great Work! (1)

Opportunist (166417) | more than 3 years ago | (#34616714)

"A documentary about $controversial_topic". It's about as unbiased and fair as any documentary about abortion or creationism. Once you have people who have an agenda besides "documenting", don't bother watching it.

Re:Great Work! (1)

Opportunist (166417) | more than 3 years ago | (#34616636)

"Information wants to be free". There's hardly a creed more often misinterpreted. Maybe aside of those associated with other religions.

The "information" that is meant here is not personal, privat information but information in the sense of "knowledge". Sharing knowledge can only lead to more knowledge, never less. If I know something you know, and you know something I know, we both know more than we knew before.

Re:Great Work! (3, Insightful)

Per Wigren (5315) | more than 3 years ago | (#34615730)

So you'll have no problem posting all your passwords, social security number, bank account numbers, and so on publicly, then. Right?

Not the same. This is more like calling the emperor naked. The bad guys already know that "security" is often just a theatre. This is just a blunt way to raise awareness of that fact and force vendors to start taking security more seriously.

Re:Great Work! (1)

Opyros (1153335) | more than 3 years ago | (#34616040)

I kinda suspect the grandparent was being sarcastic.

Re:Great Work! (5, Insightful)

Neil_Brown (1568845) | more than 3 years ago | (#34615498)

Information shouldn't be kept private

...says the person choosing to post anonymously, thereby keeping information private?

Re:Great Work! (0)

Anonymous Coward | more than 3 years ago | (#34616420)

Or too lazy to log on...this post, right here, is just such a post...not worthy of logging in.

Re:Great Work! (0)

Anonymous Coward | more than 3 years ago | (#34616578)

Darn, Neil Brown, I was going to say that and you beat me to it.

Re:Great Work! (0)

Anonymous Coward | more than 3 years ago | (#34616684)

I post anonymously because I'm too lazy to login and /.'s code and UI is such that I prefer to interact with it as little as necessary to leave comments.

~ethana2

DD-WRT? (3, Interesting)

Cheerio Boy (82178) | more than 3 years ago | (#34615430)

So how does this affect things like dd-wrt, open-wrt, and tomato where custom firmware is in place?

Re:DD-WRT? (0)

Anonymous Coward | more than 3 years ago | (#34615496)

My DD-WRT router generates a new cert every reboot. Not sure if it generates a new private key too though, would have to check.

Re:DD-WRT? (2)

Rijnzael (1294596) | more than 3 years ago | (#34615540)

I'm pretty sure DD-WRT doesn't generate a new certificate every reboot, and if it did, generating a new private key would be a required part of that (the private/public keypair are generated in tandem as a necessary step of RSA).

Did your router generate it or did the MITM? (2)

tepples (727027) | more than 3 years ago | (#34615712)

Anonymous Coward wrote:

My DD-WRT router generates a new cert every reboot.

If your router appliance firmware generates a new keypair and certificate every time you restart it, you'd have no easy way to tell whether you generated a given certificate or the man in the middle generated it. Even key continuity management fails in such a case. Who signs such certs? What am I missing?

Re:DD-WRT? (1)

awinnenb (1907486) | more than 3 years ago | (#34615512)

Beat me to it. I was wondering the same thing.

Re:DD-WRT? (2, Informative)

Rijnzael (1294596) | more than 3 years ago | (#34615518)

I recently just reinstalled DD-WRT on my router for various irrelevant reasons. However, I had set it up with remote SSH access on a non-standard port so I could tunnel through it to my home web server to retrieve documents and such. I just did this over the weekend, and today (my first day back at work since) I ssh'd into it, and was presented with a prompt by PuTTY to accept the key fingerprint. So, it appears, a unique key is generated at least between firmware installs.

Re:DD-WRT? (5, Informative)

(startx) (37027) | more than 3 years ago | (#34615612)

that's the SSH key. The article is talking about the SSL key used by the embedded web server, ie. when you go to https://192.168.1.1/ [192.168.1.1] . TFA also specifically says this DOES affect DD-WRT.

Re:DD-WRT? (2)

Cheerio Boy (82178) | more than 3 years ago | (#34615642)

that's the SSH key. The article is talking about the SSL key used by the embedded web server, ie. when you go to https://192.168.1.1/ [192.168.1.1] . TFA also specifically says this DOES affect DD-WRT.

From TFA: "Although at the moment the vast majority of the keys belong to various DD-WRT firmware, there are keys from Cisco, Linksys, D-Link and Netgear as well."

Damn. I missed it. Thanks for pointing that out!

Re:DD-WRT? (0)

Anonymous Coward | more than 3 years ago | (#34616358)

Damn. I missed it. Thanks for pointing that out!

and he wasn't a dick about it either! What's this world coming to?

OpenWRT not affected (0)

Anonymous Coward | more than 3 years ago | (#34615548)

AFAIK OpenWRT generates a SSL/TLS Certificate the first time the https daemon is started, so it should not be affected by this.

However, i don't use the HTTPS interface, only SSH, so maybe someone else can confirm this.

Re:DD-WRT? (4, Interesting)

blueg3 (192743) | more than 3 years ago | (#34615644)

DD-WRT, at least, installs with no SSL certificate in place and auto-generates one the first time it starts up.

This is really the correct solution, and a number of home routers actually do it.

Of course, there's a tradeoff. If you use a fixed certificate, you can have it legitimately signed. Then, if someone does a man-in-the-middle attack, you get the browser warning that they're using a self-signed certificate. Unless, of course, they're using the real fixed certificate. If, on the other hand, you use an autogenerated certificate, then the self-signed cert browser warning always appears (as you can only autogenerate self-signed certificates). The user learns that clicking through this warning is a necessary part of changing their router configuration. Then, any man-in-the-middle attack works, since anyone can make a self-signed certificate. (Yes, if they or the browser store the original cert and compare it to the new one, then this is no longer an issue.)

Realistically, I think this is a non-issue. If you're using home routers, they should only be configurable from the wired LAN, and only trusted people should be on that network.

House guests (1)

tepples (727027) | more than 3 years ago | (#34615732)

If you're using home routers, they should only be configurable from the wired LAN, and only trusted people should be on that network.

Then what's the polite way to tell house guests why you're not letting them check their Facebook?

Re:House guests (1)

TheRaven64 (641858) | more than 3 years ago | (#34615824)

Silently drop DNS requests to facebook.com and shrug and say it must be a problem at their end when they ask?

Then can you fix the problem at my end for me? (1)

tepples (727027) | more than 3 years ago | (#34615914)

Silently drop DNS requests to facebook.com and shrug and say it must be a problem at their end when they ask?

Then they'd try Google, their webmail, and other sites on their Favorites, and see that I'm silently dropping everything. Then they'd bug me to troubleshoot the "problem at their end" for free, and if I refuse to whitelist the MAC of their laptop or tablet, and I further deny them the use of one of my own computers "just for a minute" that inevitably turns into fifteen or more, I'm perceived as inconsiderate.

Re:Then can you fix the problem at my end for me? (1)

Anonymous Coward | more than 3 years ago | (#34616200)

Just run a guest network like everyone of us are.

Re:House guests (1)

ArsenneLupin (766289) | more than 3 years ago | (#34615894)

Then what's the polite way to tell house guests why you're not letting them check their Facebook?

Simple: don't log in to the management interface of your router while you have untrusted house guests. Indeed, a man in the middle can only spy upon a conversation that takes place.

Now, if your guests ask you to reconfigure your router because they need something special, just pretend you don't know how to do that, or that you forgot your password.

Or, alternatively, only take in trusted house guests.

Re:House guests (1)

tepples (727027) | more than 3 years ago | (#34616136)

if your guests ask you to reconfigure your router because they need something special, just pretend you don't know how to do that, or that you forgot your password.

I could claim that online games that need incoming connections have to go through a vetting process. But with my disability, I don't know to what extent it'd be considered a dick move.

Or, alternatively, only take in trusted house guests.

That'd certainly be a dick move, especially if I am culturally expected to take in members of my extended family and friends of others living with me.

Re:House guests (1)

Neil_Brown (1568845) | more than 3 years ago | (#34616098)

Then what's the polite way to tell house guests why you're not letting them check their Facebook?

This may make no sense whatsoever, but, could you have your wireless access point sitting between your modem and your network - i.e. so that someone accessing the Wi-Fi network does not have access to the internal network. If you want to access something on the network via Wi-Fi, you VPN back into it - everyone gets to access Facebook etc., but not content on your LAN.

If you need, restrict access to the admin interface of the WAP to only IP addreses in the range assigned to the VPN, or else from the IP address of a machine on the LAN, and then bounce through that machine?

Re:House guests (1)

tepples (727027) | more than 3 years ago | (#34616234)

could you have your wireless access point sitting between your modem and your network - i.e. so that someone accessing the Wi-Fi network does not have access to the internal network.

I could, but most home routers don't appear to support such a VPN setup out of the box, and most end users don't want to sit down for hours reading up on network security principles and the details of how to set up a VPN, especially when VPN is considered a "work thing", not a "home thing". The economies of scale in the home market currently favor devices whose design chooses convenience over security.

Re:DD-WRT? (1)

Cheerio Boy (82178) | more than 3 years ago | (#34615812)

Unfortunately I can't a way to restrict web management to the wired interfaces on my beat up little DD-WRT'd Fonera. Unless of course my eyeballs are failed today that is.

And anyways that means I'd have to have a wire strung around just to do the management of my wifi. I can do that of course but it's damn inconvenient if I put the router in say the attic or something.

Re:DD-WRT? (1)

EdIII (1114411) | more than 3 years ago | (#34616310)

The self-signed certificate applies to a lot of routers for small business and enterprise. It does not make sense to spend that much money just to get a cert from an authority.

I know that, for at least myself, the answer is VPN. So I am always configuring the routers from the LAN regardless of where I am. As a backup we allow a small number of trusted hosts to manage devices from the WAN. So from the datacenter we can always hit various branch offices and clients without a problem.

Good... (3, Insightful)

bhsx (458600) | more than 3 years ago | (#34615432)

Until Linksys, D-Link, Netgear, et al get their collective heads out their arses, these types of tools are great for pen testing small business networks. Personally, I can't wait for the Android app; maybe I could hack one together and get it out there...

VENONA (4, Interesting)

schmidt349 (690948) | more than 3 years ago | (#34615438)

Encryption is only as strong as the idiots who implement it. The Soviets learned that the hard way during the early part of the Cold War, when they accidentally reused random one-time pad encryptors. That led to the NSA's VENONA project, and we decrypted a pretty good amount of Soviet diplomatic and spy traffic before they were tipped off.

Nothing will change (1)

craftycoder (1851452) | more than 3 years ago | (#34615448)

Sadly, I'm sure that very few if any hardware vendor will change their behavior after this breach of security. Caveat emptor.

Re:Nothing will change (1)

Ephemeriis (315124) | more than 3 years ago | (#34615510)

Sadly, I'm sure that very few if any hardware vendor will change their behavior after this breach of security. Caveat emptor.

Probably not.

Your average home use is never going to see this information. And if they do get bitten by it, they'll never know why or how.

The folks who are seeing this information are unlikely to be using these devices with stock firmware. And even if they are, they've probably taken measures to secure their network in other ways.

Old problem (5, Interesting)

plsuh (129598) | more than 3 years ago | (#34615500)

Apple ran into something similar a long time ago for Mac OS X Server. The servermgrd daemon uses a self-signed SSL cert by default to secure communications with remote management tools. About four or five versions back the certificate was identical across all installations because it was contained in the installer package. Someone had to go down and show them that you could read all of the traffic by using sslsniff and the private key from your own copy of the installer. They changed to an individual, automatically generated certificate shortly thereafter.

--Paul

Re:Old problem (1)

Anonymous Coward | more than 3 years ago | (#34615618)

iphone SSL for facetime ???

Re:Old problem (0)

Anonymous Coward | more than 3 years ago | (#34616590)

Impossible! Macs are completely secure, by design. Stop Lying!

Misleading? (3, Insightful)

spankers (456500) | more than 3 years ago | (#34615586)

From the article: "...making it a simple matter for an attacker to decrypt the traffic passing through the device". I'd think it would only be *to* the device.

Misleading^2 (4, Informative)

formfeed (703859) | more than 3 years ago | (#34615806)

I'd think it would only be *to* the device

That, and I think the attacker has to be on the network you're using to administer the device.

For a home router, with remote administration hopefully disabled, that would be your local net. So, if you have an attacker in your living room https: // 192.0.0.1 (or whatever) won't be any saver than http: // 192.0.0.1

Also known as... (3, Funny)

digitaldc (879047) | more than 3 years ago | (#34615620)

SSLKeyLeaks

Wrongo (2)

hemo_jr (1122113) | more than 3 years ago | (#34615646)

"...simple matter for an attacker to decrypt the traffic passing through the device" Wrong. This will only give the attacker the ability to decrypt encrypted sessions to/with the device. Encrypted traffic going through the device to another nonidentical host will use a different private key.

Router as a closed proxy (1)

tepples (727027) | more than 3 years ago | (#34615844)

Encrypted traffic going through the device to another nonidentical host will use a different private key.

If you're using your router appliance as the endpoint of an HTTPS tunnel [wikipedia.org] , then tunneled HTTP traffic will be unencrypted after it leaves the appliance. It appears this would let someone sniff passwords for blogs, forums, and wikis, many of which don't use HTTPS due to the cost of a hosting plan including a dedicated IPv4 address, if someone can't sniff the route from the proxy to the HTTP site but can sniff the one from you to the proxy.

Setec Astronomy (1)

Layer 3 Ninja (862455) | more than 3 years ago | (#34615724)

No more secrets, Marty.

Not really trivial (1)

VincenzoRomano (881055) | more than 3 years ago | (#34615756)

OK, you own a private SSH key of a router.
Now what?
Remeber, you got the router key, not Alice's or Bob's!

Not true! (0)

Anonymous Coward | more than 3 years ago | (#34615760)

The private key in the SSL protocol is merely used for signing the session D-H key, which is generated for each session. Knowing the private key of an SSL server would not allow the attacker to eavesdrop the conversation. It only protects against MITM attack, which are not a real threat in this case.

We have done a security analysis of this problem at work a year ago and it turned out to be a dud.

Why? (0)

Anonymous Coward | more than 3 years ago | (#34616074)

Why isn't this stuff automatically generated on first boot? More secure.

Re:Why? (0)

Anonymous Coward | more than 3 years ago | (#34616400)

I forgot to take into account that those wont be signed, so then you have that issue of accepting a self signed certificate, rather than say a verisign signed...hmm, I'd understand this, but the average user, maybe not so much.

Ok maybe I am missing something but... (1)

tecker (793737) | more than 3 years ago | (#34616096)

Ok. I'm still not seeing how this would be valuable. To compromise this wouldn't the following things need to be in place?
  1. Router is being configured via wireless.
  2. No encryption on the wireless signal (or signal encryption is known)
  3. Configuring the router via https (common).

So if I have WPA2 on and configure my router via a wire how would knowing my routers SSL key be all that valuable?

People change default router passwords? (1)

mveloso (325617) | more than 3 years ago | (#34616156)

Do people really change the passwords on their home router?

I suspect not...so this is pretty much a moot hack. I mean, why go through the trouble of sslsniff when you can just log in as admin/admin?

http://www.phenoelit-us.org/dpl/dpl.html [phenoelit-us.org]

Dumb question... (0)

Anonymous Coward | more than 3 years ago | (#34616360)

So someone is using DD-WRT to run their home network. If they only authenticate their router admin session via a physical connection to the router, is this all irrelevant? And if so, is there a way to force DD-WRT to require a non-wifi connection?

I told you - I was one of those (1)

HonestButCurious (1306021) | more than 3 years ago | (#34616560)

True story - I wrote the SSL/SSH code for an Embedded router a few years ago. I *didn't* specify a hard-coded key -- instead the router would freeze for a few seconds to generate the key when you first activated SSL or SSH (only the management CPU froze - traffic still went through). The router's CPU was pretty crappy - it took quite a while to generate a 2048-bit key pair.

You can't imagine the amount of griping this slowdown caused from the product/marketing teams. They really really wanted it hard-coded. Fortunately "security guys" are taken seriously in Israel so as far as I know it's still generated on the fly.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>