Embedded device mayhem as rivals share keys
More than 26,000 Cisco devices sold by Australia's dominant telco Telstra are open to hijacking via hardcoded SSH login keys and SSL certificates.
The baked-in HTTPS server-side certificates and SSH host keys were found by Sec Consult during a study of thousands of router and Internet of Things gizmos.
Cisco warns that miscreants who get hold of these certificates, can decrypt web traffic to a router's builtin HTTPS web server via man-in-the-middle attacks. The web server is provided...