[cryptography] The lesser-known public key in embedded devices

Marek Lukaszuk m.lukaszuk at gmail.com
Mon Oct 8 04:18:07 EDT 2012


On Mon, Oct 8, 2012 at 12:32 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> I was recently sitting downstream of a Deutsche Telekom Speedport router and
> noticed that it used a certificate signed by a commercial CA (issued to the
> wrong name and expired, but that's another story).  The fact that it's a
> commercial CA cert indicates that there's only one of them for all Speedport
> devices, which in turn indicates that they all share the same private key.
>
> Has anyone looked into this further?  I lost access to the Speedport shortly
> after I noticed this.

Have you seen this
https://code.google.com/p/littleblackbox/ ?

/marek



More information about the cryptography mailing list