Slashdot Mirror


Duplicate SSH Keys Put Tens of Thousands of Home Routers At Risk

alphadogg (971356) writes A setup mistake has apparently left hundreds of thousands of home routers running the SSH (Secure Shell) remote access tool with identical private and public keys. John Matherly, founder of a specialized search engine company whose technology is used for querying Internet-connected devices, found more than 250,000 devices that appear to be deployed by Telefónica de España sharing the same public SSH key. A different search found another 150,000 devices, mostly in China and Taiwan, that have the same problem. Matherly said in a phone interview on Wednesday it is possible the manufacturers copied the same operating system image to all of the routers.


  1. No surprise... by jasno · Score: 5, Informative

    Most embedded guys are batting out of their league and don't have a clue when it comes to security... and I say that as an embedded guy who often has to do exactly that to get the product out.

    Most embedded development I've done is far from 'software engineering' - it's whack and hack until the tests pass (often because you loosened the testing requirements).

    --

    http://www.masturbateforpeace.com/
    1. Re:No surprise... by sinij · Score: 5, Insightful

      Government already demands product certification (e.g. FIPS), it is time corporate and individual consumers started doing the same. We expect our power supplies to not electrocute us, there is a certification program to ensure that is the case, why is it that when it comes to data security we are so lax?