Shodan boss finds 250,000 routers have common keys

Sky, BT and TalkTalk routers may be rotten, but the pain is worse in Spain

Collection of antique keys

More than 250,000 routers used in Spain, and thousands more used in other countries, are using the same SSH key says Shodan kingpin John Matherly.

The routers appear to be sold by Telefónica de España, according to Matherly, and are pre-configured with a single operating system image.

The gaffe means the probable small percentage of routers configured for remote access may be open to attackers who discover the corresponding SSH private key.

Telefónica de España has been contacted for comment.

Matherly said the routers appear to be pre configured before deployment.

"It looks like all devices with the fingerprint are Dropbear SSH instances that have been deployed by Telefónica de España," Matherly said in a post.

"It appears that some of their networking equipment comes setup with SSH by default, and the manufacturer decided to re-use the same operating system image across all devices."

Matherly found separate batches of 200,000 and 150,000 devices running the same SSH keys in what he describes as "systemic issues" for hardware manufacturers and telcos.

The security bod uploaded 1000 of the most common duplicate keys to GitHub along with Python script that could pull duplicate SSL serial numbers.

A Reddit user commenting on the research reports shared fingerprints in the UK return 11,5061, 7,875, and 2,224 instances of duplicates they said were linked to telcos Sky Broadband, TalkTalk and BT Plusnet. ®

Sponsored: The Joy and Pain of Buying IT - Have Your Say


Biting the hand that feeds IT © 1998–2017