Study reveals an increasing number of devices sharing known private keys for HTTPS

A new study conducted by SEC Consult shows that the number of devices on the web (network appliances, Internet of Things devices, and embedded systems) using known private keys for HTTPS server certificates has increased by 40% over the last nine months. The company gives several reasons for this increase: vendors not changing the settings of their hardware components, leaving the default keys and certificates in place; the inability of vendors to provide patches for security vulnerabilities; the fact that embedded systems are rarely patched; and insufficient use of firewalls on the WAN side of devices (both by users and by ISPs). One key recommendation made by the researchers is for vendors to make sure that each device uses random, unique cryptographic keys.