The theft of several elected officials' devices during last week's breach of the Capitol Building has been widely reported, raising fresh concerns about managing device risk and preventing a stolen or tampered device from becoming an entry point into a building and its network. Basics such as enforcing two-factor authentication and enabling screen auto-lock on laptops and desktops matter, but beyond those basics, organizations need to consider the other IoT devices on the premises that could give an attacker a foothold.
IoT devices that lack code signing, secure communications and mutual authentication are open to exploitation, and physical access makes it worse. If an unauthorized person can get their hands on a device, they can flash it with malicious firmware; unless the device verifies a code signature through a secure boot chain before it runs that image, nothing stops the implant from taking hold. In this setting that is a national security problem: at a minimum it hinders congressional operations while the affected equipment is quarantined, analyzed or replaced.

Last year, we released research that looked at the risks of low entropy and its ability to break IoT devices (https://info.keyfactor.com/rsa-certificate-vulnerability-keyfactor-research). What we found was that 1 in every 172 outbound connections relying on a target endpoint's RSA key for confidentiality could be intercepted: keys generated with too little entropy share prime factors with other keys, and a shared factor lets anyone holding both public keys recover both private keys with a GCD computation. Applying those findings here, hostile parties could tamper with communications infrastructure. Ethernet jacks could be replaced with hidden embedded devices that run a man-in-the-middle (MitM) attack on selected traffic. Someone with physical access could also scan the network and the internet-facing endpoints it talks to, run the same factoring analysis our research used, and identify vulnerable connections. With that information, they could load the recovered server keys onto the implant so that it decrypts or impersonates traffic whenever a request is made to a compromised domain. It might sound unbelievable, but it is not farfetched: the U.S. Capitol is a prime example of a high-value target, and it is reasonable to assume that physical access could provide a communication path for a MitM attack. This exposure significantly broadens the attack surface that security personnel must consider as they sweep for bugs and other implants while re-securing the premises.
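To make the shared-factor risk concrete, here is an added example in Python; it is not code from the original post or from Keyfactor's research tooling. It simulates a constructed fleet of six devices whose RSA keys are generated from a PRNG seeded with a tiny boot-time entropy pool, so two devices end up with the same first prime. An attacker who has only collected the public moduli recovers the shared factor with a GCD, derives the private exponents, and decrypts a message encrypted to one of the victims. The 256-bit moduli, the seed values and the device count are assumptions chosen so the example runs in well under a second, and the pairwise GCD stands in for the product-tree batch GCD used at research scale.

```python
"""Recovering RSA private keys from low-entropy key generation via shared factors.

Added example; not code from the original post or from Keyfactor's research.
Every device, seed and message below is constructed for illustration.
"""
import math
import random

E = 65537  # public exponent used by every simulated device


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test with reproducible witness selection."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    witnesses = random.Random(n)
    for _ in range(rounds):
        a = witnesses.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng):
    """Draw odd candidates of exactly `bits` bits from rng until one is prime."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def make_device_key(boot_seed, device_id, bits=256):
    """Model the classic first-boot failure: p is drawn right after boot, when the
    entropy pool holds only `boot_seed` (tiny, so it collides across devices);
    q is drawn later, after device-unique entropy has been mixed in.
    Returns ((n, e), d)."""
    p = gen_prime(bits // 2, random.Random(boot_seed))
    later_rng = random.Random(f"{boot_seed}:{device_id}")
    while True:
        q = gen_prime(bits // 2, later_rng)
        phi = (p - 1) * (q - 1)
        if q != p and math.gcd(E, phi) == 1:
            break
    return (p * q, E), pow(E, -1, phi)


def find_shared_factors(moduli):
    """Pairwise GCD over collected public moduli (all a passive observer has).
    Returns {index: (p, q)} for every modulus sharing a prime with another.
    O(n^2) here; research-scale scans use a product-tree batch GCD instead."""
    broken = {}
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            g = math.gcd(moduli[i], moduli[j])
            if 1 < g < moduli[i]:  # skip coprime pairs and identical moduli
                broken[i] = (g, moduli[i] // g)
                broken[j] = (g, moduli[j] // g)
    return broken


def private_exponent(e, p, q):
    """Rebuild d from the recovered factors; this is the victim's private key."""
    return pow(e, -1, (p - 1) * (q - 1))


def simulate_fleet():
    """Constructed fleet of six devices; indices 1 and 4 booted with the same
    low-entropy seed (7) and therefore share p."""
    boot_seeds = [11, 7, 12, 13, 7, 14]
    keys = [make_device_key(seed, dev) for dev, seed in enumerate(boot_seeds)]
    moduli = [pub[0] for pub, _ in keys]
    return keys, find_shared_factors(moduli)


def intercept(keys, broken, victim, message):
    """Encrypt `message` to the victim's public key (as a client doing RSA key
    transport would), then decrypt it using only the attacker-recovered factors,
    never the victim's stored private key."""
    (n, e), _real_d = keys[victim]
    ciphertext = pow(message, e, n)
    p, q = broken[victim]
    return pow(ciphertext, private_exponent(e, p, q), n)


if __name__ == "__main__":
    fleet, compromised = simulate_fleet()
    for idx, (p, q) in sorted(compromised.items()):
        print(f"device {idx}: modulus factored, shared prime has {p.bit_length()} bits")
    secret = int.from_bytes(b"premaster", "big")  # constructed session secret
    print("decrypted correctly:", intercept(fleet, compromised, 1, secret) == secret)
```

Run the file directly to see which devices are broken. What the recovered key buys an attacker depends on the handshake: with RSA key transport it decrypts recorded sessions after the fact, while with ephemeral Diffie-Hellman it lets the implant impersonate the server in new connections rather than passively decrypt old ones.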