היום נתקלתי בדבר הבא-"Breaking SSL on Embedded Device":
LittleBlackBox is a collection of thousands of private SSL keys extracted from various embedded devices. These private keys are stored in a database where they are correlated with their public SSL certificates as well as the hardware/firmware that are known to use those SSL keys.
A command line utility is included to aid in the identification of devices or network traffic that use these known private keys. Given a public SSL certificate, the utility will search the database to see if it has a corresponding private key; if so, the private key is displayed and can be used for traffic decryption or MITM attacks. Alternatively, it will also display a table of hardware and firmware that is known to use that private key.
:The utility can obtain a public certificate several different ways
1.You may give it the path to a public certificate file
2.You may give it the SHA1 hash of a public certificate
3.Given a host, it will retrieve the host's public SSL certificate
4.Given a pcap file, it will parse the file looking for public certificate exchanges
5.Given a live network interface, it will listen for public certificate exchanges
מה שיותר מפחיד,זה שקיימת קבוצה אשר עומלת רבות להשיג את המפתחות הפרטיים ואף משחררת כלים מסוג
"Firmware Analysis Tool" לצורך חילוץ המפתחות.
יחד עם זאת יש לציין כי במקרים מסויימים ההתקפה כמעט ובלתי אפשרית ,במיוחד אם לא יודעים את גרסת
ה-Firmware.
ציטוט מהמקור:
However, there are some practical limitations to this attack. If Eve doesn’t know what router or firmware version Alice and Bob are using, it will be difficult to impossible for her to identify which firmware image to extract the SSL keys from. A good example of this is DD-WRT. There are several versions of DD-WRT available for each router supported by DD-WRT. And for each of those versions, there are several different “flavors”: micro, standard, VPN, etc. Even if Eve knows that Alice and Bob are running DD-WRT, that’s a lot of firmware images to work through. This becomes even more difficult when dealing with vendors whose firmware is not as standardized between releases.
לצערי התופעה לא פוסחת על שום סקטור החל מהמגזר הפננסי ,הבטחוני ,טלקום והתעשיה.
מעטות החברות אשר שמות דגש על אבטחת המפתחות ב-Network Device ,משום מה ישנה תחושה כי יש לשמור את זוג מפתחות ההצפנה רק של שרתי ה-CA והחתימה הדיגיטלית.
ללא ספק עוד טכניקה טובה לביצוע Pentration Testing :) .
לילה טוב!
LittleBlackBox -אוסף של מפתחות שזה לא רע בכלל:)
אין תגובות:
הוסף רשומת תגובה