Breaking SSL on Embedded Devices (/dev/ttyS0)
Dec 24, 2010, 23:02 (0 Talkback[s])
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
"The /dev/ttyS0 site has a discussion of the implications of the
LittleBlackBox project. "Here's where it gets fun: many of these
devices use hard-coded SSL keys that are baked into the firmware.
That means that if Alice and Bob are both using the same router
with the same firmware version, then both of their routers have the
same SSL keys. All Eve needs to do in order to decrypt their
traffic is to download the firmware from the vendor's Web site and
extract the SSL private key from the firmware image"