Duplicate SSH Keys Put Tens of Thousands of Home Routers At Risk

Posted by timothy on Thursday February 19, 2015 @03:10AM from the vewy-vewy-quiet dept.

alphadogg (971356) writes A setup mistake has apparently left hundreds of thousands of home routers running the SSH (Secure Shell) remote access tool with identical private and public keys. John Matherly, founder of a specialized search engine company whose technology is used for querying Internet-connected devices, found more than 250,000 devices that appear to be deployed by Telefónica de España sharing the same public SSH key. A different search found another 150,000 devices, mostly in China and Taiwan, that have the same problem. Matherly said in a phone interview on Wednesday it is possible the manufacturers copied the same operating system image to all of the routers.

1 of 114 comments (clear)

Min score:

Reason:

Sort:

Re:No surprise... by sinij · 2015-02-19 03:34 · Score: 5, Insightful

Government already demands product certification (e.g. FIPS), it is time corporate and individual consumers started doing the same. We expect our power supplies to not electrocute us, there is a certification program to ensure that is the case, why is when it comes to data security we are so lax?