A disturbing security vulnerability has been uncovered affecting RSA encryption keys used across the internet, with researchers discovering that approximately 1 in 172 certificates found online are susceptible to compromise through a mathematical attack. Keyfactor Security researchers identified this critical issue after analyzing over 75 million RSA certificates collected from across the internet. Their analysis revealed that 435,000 certificates were compromised using a relatively simple mathematical technique, representing a significant security risk to affected systems.

The attack exploits a fundamental property of RSA cryptography: if two different RSA keys share a prime factor, both can be broken by computing the Greatest Common Divisor (GCD). When RSA keys are generated without sufficient randomness, they may share prime factors with other keys, making them vulnerable to factorization attacks.

This widespread vulnerability primarily impacts Internet of Things (IoT) devices but could potentially affect any system using improperly generated RSA keys. The research found that IoT devices were particularly vulnerable, with approximately 50% of compromised certificates containing the name of a large network equipment manufacturer. Many affected devices continued to use vulnerable keys even after previous security warnings, underscoring the challenge of patching IoT systems in the field. Researchers emphasize that device manufacturers must ensure their products have sufficient entropy sources and adhere to cryptographic best practices to protect users from these preventable vulnerabilities.
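The shared-prime property described above can be turned into an audit of your own certificate inventory. The following is an added example, not code from the article or from Keyfactor: it goes beyond a single GCD by using a product tree and remainder tree, so every modulus is checked against all the others without comparing each pair. The function names and the toy moduli in the comments are constructed for illustration.

```python
from math import gcd, prod

def product_tree(values):
    """Levels of pairwise products; the last level holds the product of all values."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    return tree

def audit_moduli(moduli):
    """Return {index: finding} for each RSA modulus that must be reissued.

    'shared-prime'  : the modulus has one prime in common with another key
    'fully-covered' : the same modulus appears twice, or both of its primes
                      also occur in other keys
    """
    if len(moduli) < 2:
        return {}
    tree = product_tree(moduli)
    # Remainder tree: carry P mod n^2 from the root down to each leaf n,
    # where P is the product of every modulus in the inventory.
    rems = tree.pop()
    while tree:
        level = tree.pop()
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    findings = {}
    for i, (n, r) in enumerate(zip(moduli, rems)):
        # r = P mod n^2, so r // n is (product of all other moduli) mod n.
        g = gcd(n, r // n)
        if g == n:
            findings[i] = "fully-covered"
        elif g > 1:
            findings[i] = "shared-prime"
    return findings

if __name__ == "__main__":
    # Constructed toy inventory; real moduli are 2048 bits or more.
    inventory = [101 * 103, 107 * 109, 101 * 113, 127 * 131, 107 * 109]
    for idx, finding in sorted(audit_moduli(inventory).items()):
        print(f"key #{idx}: {finding} -> regenerate with a seeded CSPRNG")
```

In a real audit the moduli would be read from the certificates in your inventory. Any flagged key should be regenerated on a device with a properly seeded entropy source, and its certificate revoked.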
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 17 Mar 2025 10:45:05 +0000