Passive SSH server private key compromise is real … for some vulnerable gear

November 13, 2023 at 09:44PM

An academic study has shown that a passive observer can intercept SSH connections to certain devices and impersonate them by recovering the servers' private RSA host keys. With the key in hand, the attacker can read users' login credentials and watch their sessions with the affected SSH servers. The weakness primarily affects Internet of Things devices and embedded gear that authenticate with RSA host keys; widely used software such as OpenSSL and LibreSSL is not affected. Manufacturers found to have susceptible products include Cisco, Zyxel, Hillstone Networks, and Mocana.

The article describes a recent academic study showing that it is possible to snoop on certain devices' SSH connections and impersonate the equipment once the hosts' private RSA keys are obtained. By impersonating these devices, an eavesdropper can silently capture users' login details and monitor their activity with remote SSH servers. The key leaks through errors in signature generation: a faulty RSA signature emitted by the server can be used to recover the server's private host key. Widely used software such as OpenSSL, LibreSSL, and OpenSSH is not susceptible to this method, so the problem is concentrated in Internet-of-Things and similar embedded devices. The study was carried out by researchers from the University of California, San Diego, with contributions from MIT, and builds on earlier work in the field. The paper gives the full details, and it names manufacturers found to have vulnerable products: Cisco, Zyxel, Hillstone Networks, and Mocana. Cisco and Zyxel have taken steps to address the issue, while the findings for Hillstone Networks and Mocana were reported to the CERT Coordination Center. SSH server implementations that identify themselves as "SSH-2.0-SSHD", and enterprise-grade Java applications relying on PKCS#1 v1.5 signatures, may also be at risk. Whether IPsec implementations are affected in the same way needs further study, because the available dataset was limited.
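The paragraphs above state the core mechanism (a faulty RSA signature leaks the private key) and the reason OpenSSL-style implementations are unaffected (they verify each signature before releasing it). The following Python is an added illustration written for this page; it is not code from the study, the article, or any of the vendors named. It uses a constructed toy RSA-CRT key with tiny primes and a constructed one-half fault, and shows two things a defender cares about: that the verify-after-sign countermeasure refuses to emit a faulty signature, and that a released faulty signature can be checked for a leaked factor of N with a single gcd, the textbook property behind the study's finding.

```python
import math
from typing import Optional

# Constructed toy RSA key: small primes for illustration only.
# Real SSH host keys are 2048 bits or more; the arithmetic is identical.
P, Q = 10007, 10009
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

# CRT precomputation, as real RSA implementations do for speed.
DP = D % (P - 1)
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)


def sign_crt(m: int, fault_in_q_half: bool = False) -> int:
    """RSA-CRT signature on an already padded message representative m (0 < m < N).

    fault_in_q_half simulates a transient computational error in the mod-Q
    half of the computation (a constructed stand-in for the signature errors
    the study describes)."""
    s1 = pow(m, DP, P)
    s2 = pow(m, DQ, Q)
    if fault_in_q_half:
        s2 = (s2 + 1) % Q  # constructed fault: one CRT half is wrong
    h = (QINV * (s1 - s2)) % P  # Garner recombination
    return s2 + h * Q


def verify(m: int, s: int) -> bool:
    """Standard RSA verification: s^e must reproduce m modulo N."""
    return pow(s, E, N) == m


def sign_crt_checked(m: int, fault_in_q_half: bool = False) -> int:
    """Verify-after-sign: the countermeasure that keeps OpenSSL-style
    implementations safe. A signature that fails its own check is never
    released, so a faulty one cannot reach the network."""
    s = sign_crt(m, fault_in_q_half)
    if not verify(m, s):
        raise RuntimeError("signature self-check failed; refusing to emit it")
    return s


def factor_from_faulty_signature(m: int, s: int) -> Optional[int]:
    """Defender's check on an already released signature: does it leak a
    factor of N? A correct signature returns None. A signature that is right
    modulo one prime but wrong modulo the other shares exactly that prime
    with s^e - m, so gcd(s^e - m, N) reveals it."""
    g = math.gcd(pow(s, E, N) - m, N)
    return g if 1 < g < N else None


if __name__ == "__main__":
    m = 1234567  # constructed message representative, already below N
    good = sign_crt(m)
    print("correct signature verifies:", verify(m, good))
    print("leaked factor from correct signature:", factor_from_faulty_signature(m, good))
    bad = sign_crt(m, fault_in_q_half=True)
    print("faulty signature verifies:", verify(m, bad))
    print("leaked factor from faulty signature:", factor_from_faulty_signature(m, bad))
    try:
        sign_crt_checked(m, fault_in_q_half=True)
    except RuntimeError as exc:
        print("checked signer:", exc)
```

The point of `sign_crt_checked` is that the check costs one public-key operation per signature, which is why mainstream libraries can afford it; an embedded implementation that skips it to save cycles is exactly the kind of gear the study found. When auditing a fleet, running `factor_from_faulty_signature` over recorded host signatures (with the real N and the padded message representative) is a direct way to confirm whether a device has already emitted a key-revealing signature.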
