Poor RSA Encryption Implementation Opens Door to Attacks on Medical Devices and Implants

Encryption renders data inaccessible to unauthorized individuals, provided the private key to decrypt data is not compromised and strong encryption is used.

Not all algorithms provide the same level of protection. The strength of encryption relies on the length of the key. The longer the key, the more computational power is required to break the encryption. When strong encryption is used, the computing power and time required to break the encryption renders the data virtually inaccessible.

DES was once considered a strong form of encryption but the computing power now available makes cracking the encryption possible even on relatively inexpensive computers. DES used 56-bit keys, which were fine in the 1970’s, but today the keys are nowhere near long enough. Strong encryption today is generally considered to require 256-bit keys, such as those generated by the AES algorithm. With AES-256, for the time being at least, sensitive data can be adequately secured. Providing the key is not disclosed, encrypted data cannot be accessed.

RSA is an alternative encryption standard that is commonly used to protect sensitive data. It uses an asymmetric cryptographic algorithm using two keys – A private key and a public key. The public key can be given to anyone, as it cannot be used on its own to decrypt data. For that the private key is also required.

The keys are generated by multiplying two random prime numbers. RSA keys are long and cannot easily be guessed or brute forced due to the level of computing power required. However, if errors are made implementing RSA encryption, keys can easily be cracked.

One of the problems that can arise is when RSA keys are not encrypted using truly random prime numbers. Errors in randomness weakens the encryption. A recent analysis of RSA certificates by Keyfactor has shown that in many IoT devices, the factors used to generate the keys are not entirely random, which makes it much easier to deduce the private key.

In such cases, a considerable amount of computing power is still required, but not enough to make cracking the encryption sufficiently difficult. According to Keyfactor, all it would take is around $3,000 of compute time on a single Azure virtual machine to crack these weak keys. At such a low cost, threat actors may find it well worth the investment.

Using a scalable GCD algorithm on their Azure VM, the researchers collected 175 million RSA certificates from the internet. 75 million of those keys were actively used to encrypt traffic and 100 million were publicly available keys. Keyfactor’s analysis identified 435,000 RSA certificates that shared the same factor. That equates to around 1 in 172 RSA certificates. Keyfactor was able to break all 435,000 certificates for less than $3,000 in Azure compute time.

Shared factors are mostly used in lightweight IoT devices. This is because they do not have sufficient entropy to generate truly random numbers as they lack the necessary processing power. The random numbers used are therefore predictable.  Discover the two prime numbers used to generate the key and the private key can be derived.

“Lightweight IoT devices are particularly prone to being in low entropy states due to the lack of input data they might receive, as well as the challenge of incorporating hardware-based random number generation economically,” explained Keyfactor. “Keys generated by lightweight IoT devices are therefore at risk of not being sufficiently random, increasing the chance that two keys share a factor and allow the key to be broken.”

One example they found involved an 8,192-bit RSA key. That key was extremely large, so it should not have been possible to guess it no matter how much time was devoted to the task. Yet guess that key they did. The length of the key was fine, but since the factor used was not entirely random, the length of the key was irrelevant.

A threat actor with the derived private key cannot be distinguished by the genuine private key holder, which opens the door to man-in-the-middle attacks, data tampering, and data theft.

This has major implications for a wide range of industries that use large numbers of IoT devices. Healthcare for example. In healthcare, many medical devices and implants have low entropy, so the encryption could be cracked and data obtained for a relatively small investment.

“The findings are alarming. The research finds inordinate rates of compromise impacting IoT devices with design constraints and limited entropy,” Keyfactor CTO Ted Shorter said. “These devices could include cars, medical implants and other critical devices, that if compromised, could result in life-impacting harm.”

Making existing IoT devices more secure is a major challenge. It may not be possible to patch affected IoT devices and if they lack sufficient processing power, they will remain insecure. The solution is to build sufficient entropy into the devices to ensure truly random factors are used to generate strong RSA keys.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.