Breaking SSL on Embedded Devices (/dev/ttyS0)

"The /dev/ttyS0 site has a discussion of the implications of the LittleBlackBox project. "Here's where it gets fun: many of these devices use hard-coded SSL keys that are baked into the firmware. That means that if Alice and Bob are both using the same router with the same firmware version, then both of their routers have the same SSL keys. All Eve needs to do in order to decrypt their traffic is to download the firmware from the vendor's Web site and extract the SSL private key from the firmware image"

Complete Story

Related Stories:

• Tech Comics: "Open Source Firmware"(Dec 17, 2010)
• Weekend Project: Set Up Safe Guest Wi-Fi with Linux(Dec 11, 2010)
• Install CHDK on Your Canon Camera Using Linux(Nov 18, 2010)
• Marcan Names PS3 Linux Bootloader on Firmware 3.41 AsbestOS(Sep 30, 2010)
• Ubuntu Kernel Developer releases Firmware Test Suite(Aug 11, 2010)
• The GPL Wins Again (Aug 06, 2010)