Study reveals an increasing number of devices sharing known private keys for HTTPS
A new study conducted by SEC Consult shows that the number of devices on the web (network appliances, Internet of Things devices, and embedded systems) using known private keys for HTTPS server certificates has increased by 40% over the last nine months. The company explains that there are several reasons for this increase: vendors not changing the settings of their hardware components, leaving the default keys and certificates in place; the inability of vendors to provide patches for security vulnerabilities; the fact that embedded systems are rarely patched; insufficient use of firewalls on devices on the WAN side (both by users and by ISPs). One key recommendation made by researchers is for vendors to make sure that each device uses random, unique cryptographic keys.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.