So how would it be if you found out that the key to your house also worked at your neighbor’s house. What if it turned out the builder in your subdivision used the exact same lock on every house they built, and your key could get you into every house in your neighborhood?
This is essentially the situation that security researchers at SEC Consult discovered with a host of Internet connected devices. Millions of routers, web cameras, DVRs and other devices share the same encryption key that is used for remote access and management. Some of these devices are the same Ubiquiti cable modems we about reported earlier. The weakness is in the use of HTTPS and SSH keys baked in the firmware of these devices. This leaves they all vulnerable to exploitation in a single attack. These devices are accessible from the Internet because in many cases the remote management feature was active by default, and had not been disabled at the time of installation.
There are a couple of great articles that go into detail if you are interested. The links are below. The take-aways here are the same:
- Disable remote administration
- Change all default users and passwords
- Change your cryptographic keys from the default too.