Duplicate SSH Keys Put Tens of Thousands of Home Routers At Risk

alphadogg (971356) writes A setup mistake has apparently left hundreds of thousands of home routers running the SSH (Secure Shell) remote access tool with identical private and public keys. John Matherly, founder of a specialized search engine company whose technology is used for querying Internet-connected devices, found more than 250,000 devices that appear to be deployed by Telefónica de España sharing the same public SSH key. A different search found another 150,000 devices, mostly in China and Taiwan, that have the same problem. Matherly said in a phone interview on Wednesday it is possible the manufacturers copied the same operating system image to all of the routers.

No surprise...

[jasno]

Most embedded guys are batting out of their league and don't have a clue when it comes to security... and I say that as an embedded guy who often has to do exactly that to get the product out.

Most embedded development I've done is far from 'software engineering' - it's whack and hack until the tests pass(often because you loosened the testing requirements).