Encryption weaknesses in RSA certificates leave IoT devices vulnerable to attack

Researchers find one-in-172 RSA certificates using a common factor to generate keys

Researchers at cyber security firm Keyfactor have identified encryption weaknesses in RSA certificates, leaving millions of Internet of Things (IoT) devices at risk of attack.

In their latest study, researchers collected 75 million RSA digital certificates and keys from the internet and analysed them on a Microsoft Azure-hosted virtual machine using Keyfactor's scalable GCD algorithm to identify common factors. They found that nearly one-in-172 RSA certificates were vulnerable to a factoring attack.

RSA cryptography is named after its creators, Ron Rivest, Adi Shamir and Leonard Adleman, who designed the RSA algorithms in the 1970s as a way to secure transmission of data to/from remote sources. The technique relies on attackers' inability to figure out the two randomly generated prime numbers that are multiplied to generate keys.

Usually, no two RSA keys should have the same prime factors, but the researchers found over 435,000 certificates using a common factor to generate keys (at a rate of one-in-172), enabling them to re-derive the private key.
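To show why a shared prime is fatal, the following added example (not code from Keyfactor or from the study) audits a list of RSA moduli with the publicly known product-tree and remainder-tree batch GCD. Whether Keyfactor's algorithm works this way is an assumption; the function names and the toy moduli are constructed for illustration.

```python
from math import gcd, prod

def product_tree(values):
    """Levels of pairwise products; the top level holds the product of all values."""
    levels = [list(values)]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([prod(prev[i:i + 2]) for i in range(0, len(prev), 2)])
    return levels

def batch_gcd(moduli):
    """Return gcd(n_i, product of all the other moduli) for every n_i."""
    levels = product_tree(moduli)
    rems = levels.pop()  # [P], where P is the product of every modulus
    while levels:
        level = levels.pop()
        # Push P down the tree, reducing modulo the square of each node.
        rems = [rems[i // 2] % (v * v) for i, v in enumerate(level)]
    # rems[i] == P mod n_i^2, so rems[i] // n_i == (P / n_i) mod n_i.
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]

def audit(moduli):
    """Map index -> (p, q) for each modulus that shares a prime with another.
    A modulus that appears more than once maps to None (same key pair reused)."""
    findings = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if g == 1:
            continue  # no factor in common with any other modulus
        if g == n:
            # Exact duplicate, or both primes shared: fall back to pairwise GCDs.
            g = next((d for m in moduli if 1 < (d := gcd(n, m)) < n), None)
        findings[i] = (g, n // g) if g else None
    return findings

# Constructed sample: toy moduli built from Mersenne primes, not real certificate keys.
M13, M17, M19, M31 = 2**13 - 1, 2**17 - 1, 2**19 - 1, 2**31 - 1
M61, M89, M107 = 2**61 - 1, 2**89 - 1, 2**107 - 1
SAMPLE = [
    M61 * M89,   # 0: unique primes
    M31 * M107,  # 1: shares M31 with index 2
    M31 * M19,   # 2: shares M31 with index 1
    M13 * M17,   # 3: same modulus as index 4
    M13 * M17,   # 4: same modulus as index 3
]

if __name__ == "__main__":
    for idx, factors in audit(SAMPLE).items():
        print(idx, "reused modulus" if factors is None else f"factored: {factors}")
```

Any index that `audit` reports belongs to a key that should be revoked and regenerated on a system with a properly seeded random number generator.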

A large fraction of the weak certificates belonged to modems, firewalls, routers, and other network devices. Medical implants and connected cars were also found to be affected by weaknesses in digital certificates.

The team also analysed nearly 100 million digital certificates gathered from the Certificate Transparency logs on desktops, and found that common factors were used in just five certificates (one in 20 million).

This greater rate of shared factors means there is a high chance of encrypted communications being intercepted by hackers who re-derive a private key.

"In a real-world attack scenario, a threat actor with a re-derived private key for an SSL/TLS server certificate could impersonate that server when devices attempt to connect," said JD Kilgallin, senior integration engineer and researcher at Keyfactor.

Researchers blame poor entropy - randomness in generating keys - as the main cause of weaker certificates. Because embedded gear often uses very low-power hardware, the devices are usually unable to generate random numbers of the quality that key generation requires.

The study stresses the importance of security best practices, sound use of cryptography and secure random number generation throughout the lifecycle of connected devices to protect them from attacks.

"These concerning findings highlight the need for device manufacturers, website and network administrators, and the public at large to consider security, and especially secure random number generation, as a paramount requirement of any connected system," the researchers said in a blog post.

"Systems should attempt to use security best practices from inception, and in any case must have the ability to securely update both software and cryptography to protect against risks like this," they added.