Tens of thousands of home routers at risk with duplicate SSH keys



#1 NickAu


Posted 24 February 2015 - 03:04 PM

 

A setup mistake has apparently left hundreds of thousands of home routers running the SSH (Secure Shell) remote access tool with identical private and public keys.

John Matherly used Shodan, a specialized search engine for querying Internet-connected devices, and found more than 250,000 devices that appear to be deployed by Telefónica de España sharing the same public SSH key.

Matherly, who founded Shodan, performed the search after someone posted a shorter version of a public key—called a fingerprint—for their device.

He was surprised to find more than 250,000 other devices, mostly in Spain, that shared the same public key fingerprint. It means the devices—which are likely home routers—also have the same private key, which could pose a security risk.

A different search found another 150,000 devices, mostly in China and Taiwan, that have the same problem.

http://secureall.org/news/blog/tens-of-thousands-of-home-routers-at-risk-with-duplicate-ssh-keys/


Arch Linux .
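The fingerprint mentioned in the post is a hash of the public key blob, so two devices showing the same fingerprint hold the same key pair. As an added example (not part of the original post or the linked article), this Python sketch audits an inventory in `ssh-keyscan` output format for hosts that share a host key; the sample hosts and key bytes are constructed, and the function names are illustrative.

```python
import base64, binascii, hashlib, struct
from collections import defaultdict

def fingerprints(blob_b64):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a public key blob."""
    raw = base64.b64decode(blob_b64, validate=True)
    md5 = hashlib.md5(raw).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def parse_keyscan(text):
    """Yield (host, keytype, blob) from ssh-keyscan style lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank line, comment, or truncated entry
        yield parts[0], parts[1], parts[2]

def shared_host_keys(text):
    """Map SHA256 fingerprint -> sorted hosts, only for keys seen on 2+ hosts."""
    groups = defaultdict(set)
    for host, _ktype, blob in parse_keyscan(text):
        try:
            groups[fingerprints(blob)[1]].add(host)
        except (binascii.Error, ValueError):
            continue  # skip undecodable key material
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}

def sample_key(fill):
    # Constructed ed25519-shaped blob: length-prefixed type name + 32 key bytes.
    name = b"ssh-ed25519"
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(raw).decode()

# Constructed inventory using RFC 5737 documentation addresses.
SAMPLE = "\n".join([
    "# constructed sample, not real scan data",
    f"192.0.2.10 ssh-ed25519 {sample_key(0x41)}",
    f"192.0.2.11 ssh-ed25519 {sample_key(0x41)}",
    f"192.0.2.12 ssh-ed25519 {sample_key(0x42)}",
    f"198.51.100.7 ssh-ed25519 {sample_key(0x41)}",
    "203.0.113.5 ssh-ed25519 not*base64",
])

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE).items():
        print(fp, "shared by", ", ".join(hosts))
```

Any group it reports is a set of devices whose host keys should be regenerated individually, since possession of one device's private key allows impersonating the others.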
 