CyberSecurity news
FlagThis
Kirsten Doyle@informationsecuritybuzz.com
//
Millions of RSA encryption keys are vulnerable to attack due to a significant security flaw. New research indicates that roughly 1 in 172 online certificates are susceptible to compromise via a mathematical attack. This vulnerability primarily affects Internet of Things (IoT) devices, but it can pose a risk to any system utilizing improperly generated RSA keys. The root cause lies in poor random number generation during the key creation process.
The flaw occurs because keys sometimes share prime factors with other keys. If two keys share a prime factor, both can be broken by computing the Greatest Common Divisor (GCD). According to researchers, with modest resources, hundreds of millions of RSA keys used to protect real-world internet traffic can be obtained. Using a single cloud-hosted virtual machine and a well-studied algorithm, over one in 200 certificates can be compromised within days.
ImgSrc: informationsecu
References :
The flaw occurs because keys sometimes share prime factors with other keys. If two keys share a prime factor, both can be broken by computing the Greatest Common Divisor (GCD). According to researchers, with modest resources, hundreds of millions of RSA keys used to protect real-world internet traffic can be obtained. Using a single cloud-hosted virtual machine and a well-studied algorithm, over one in 200 certificates can be compromised within days.
ImgSrc: informationsecu
Share:
References :
- Information Security Buzz: Massive RSA Encryption Flaw Exposes Millions of IoT Devices to Attack
- Davey Winder: Millions Of Internet Encryption Keys At Risk Despite 2019 Warning
- www.itpro.com: Millions of RSA encryption keys could be vulnerable to attack
Classification:
- HashTags: #RSA #Encryption #IoT
- Company: RSA
- Target: IoT Devices
- Product: Encryption Keys
- Feature: Encryption Flaw
- Type: Vulnerability
- Severity: Major